urlscan.io logo urlscan.io
SecurityTrails logo

threatpost.com Open in urlscan Pro
35.173.160.135  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Effective URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Submission: On March 23 via api from SI — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 104 IPs in 10 countries across 82 domains to perform 424 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com. The Cisco Umbrella rank of the primary domain is 152275.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 2nd 2021. Valid for: a year.
This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
34 35.173.160.135 14618 (AMAZON-AES)
11 65.9.66.117 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
7 2606:4700:303... 13335 (CLOUDFLAR...)
13 2600:9000:231... 16509 (AMAZON-02)
10 2600:9000:214... 16509 (AMAZON-02)
1 9 2a00:1450:400... 15169 (GOOGLE)
1 185.85.15.23 200107 (KL-EXT)
5 65.9.71.173 16509 (AMAZON-02)
1 9 151.101.130.137 54113 (FASTLY)
5 2a00:1450:400... 15169 (GOOGLE)
7 216.58.201.66 15169 (GOOGLE)
1 104.89.31.187 16625 (AKAMAI-AS)
1 46.105.202.126 16276 (OVH)
6 2a00:1450:400... 15169 (GOOGLE)
3 5 2620:116:800d... 16509 (AMAZON-02)
1 151.101.12.157 54113 (FASTLY)
5 2a00:1450:400... 15169 (GOOGLE)
2 54.154.124.119 16509 (AMAZON-02)
1 151.101.2.137 54113 (FASTLY)
9 18.223.60.0 16509 (AMAZON-02)
6 151.101.66.137 54113 (FASTLY)
4 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
2 54.36.109.183 16276 (OVH)
1 52.19.107.252 16509 (AMAZON-02)
2 15.236.176.210 16509 (AMAZON-02)
1 1 54.75.68.230 16509 (AMAZON-02)
1 64.140.160.2 18450 (WEBNX)
4 2602:803:c004... 26667 (RUBICONPR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 3 145.40.89.200 54825 (PACKET)
3 23.37.38.181 16625 (AKAMAI-AS)
3 18.196.121.26 16509 (AMAZON-02)
3 185.64.189.112 62713 (AS-PUBMATIC)
9 63.32.154.251 16509 (AMAZON-02)
1 18.193.246.175 16509 (AMAZON-02)
2 18 34.98.64.218 15169 (GOOGLE)
3 18.156.195.47 16509 (AMAZON-02)
2 6 134.209.129.254 14061 (DIGITALOC...)
2 6 72.251.249.9 29791 (VOXEL-DOT...)
3 13 185.33.221.52 29990 (ASN-APPNEX)
5 213.19.147.42 3356 (LEVEL3)
1 2600:9000:231... 16509 (AMAZON-02)
11 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.195 13414 (TWITTER)
1 104.244.42.69 13414 (TWITTER)
19 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 18.194.97.167 16509 (AMAZON-02)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
17 2a00:1450:400... 15169 (GOOGLE)
2 4 2620:1ec:22::14 8068 (MICROSOFT...)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 2 142.250.185.198 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 195.66.82.41 197205 (MERCIS-AS)
1 37.187.27.147 16276 (OVH)
5 2a00:1450:400... 15169 (GOOGLE)
10 2a00:1450:400... 15169 (GOOGLE)
2 142.250.186.34 15169 (GOOGLE)
9 20 142.250.185.194 15169 (GOOGLE)
3 10 2.20.85.164 16625 (AKAMAI-AS)
2 104.111.242.245 16625 (AKAMAI-AS)
1 35.241.31.249 15169 (GOOGLE)
1 2 2a02:2638:1::13 44788 (ASN-CRITE...)
2 178.250.2.146 44788 (ASN-CRITE...)
5 23.218.208.200 16625 (AKAMAI-AS)
3 23.218.208.187 16625 (AKAMAI-AS)
2 2 151.101.130.49 54113 (FASTLY)
5 5 54.93.153.188 16509 (AMAZON-02)
5 8 3.126.56.137 16509 (AMAZON-02)
3 7 3.33.220.150 16509 (AMAZON-02)
3 3 185.29.132.241 30419 (MEDIAMATH...)
5 5 37.157.4.29 198622 (ADFORM)
1 1 165.227.252.242 14061 (DIGITALOC...)
1 205.185.216.42 20446 (STACKPATH...)
3 6 13.248.245.213 16509 (AMAZON-02)
1 2620:1ec:29::45 8068 (MICROSOFT...)
6 104.89.20.125 16625 (AKAMAI-AS)
2 3 2a05:d018:d29... 16509 (AMAZON-02)
3 5 18.185.196.75 16509 (AMAZON-02)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
4 7 52.46.154.242 16509 (AMAZON-02)
5 5 70.42.32.31 22075 (AS-OUTBRAIN)
2 4 69.173.144.138 26667 (RUBICONPR...)
4 4 69.173.144.165 26667 (RUBICONPR...)
1 35.244.174.68 15169 (GOOGLE)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
2 3 52.95.125.22 16509 (AMAZON-02)
2 18.195.155.181 16509 (AMAZON-02)
2 2 23.37.42.132 16625 (AKAMAI-AS)
1 178.162.133.148 60781 (LEASEWEB-...)
3 178.162.133.149 60781 (LEASEWEB-...)
2 2 54.86.196.175 14618 (AMAZON-AES)
1 2600:1f18:444... 14618 (AMAZON-AES)
1 14 54.194.49.117 16509 (AMAZON-02)
2 67.202.105.22 32748 (STEADFAST)
1 51.89.9.252 16276 (OVH)
2 185.86.139.104 201081 (SMARTADSE...)
1 1 193.0.160.128 54312 (ROCKETFUEL)
1 192.132.33.46 18568 (BIDTELLECT)
1 2 52.30.140.199 16509 (AMAZON-02)
1 1 185.33.220.145 29990 (ASN-APPNEX)
1 1 188.34.190.35 24940 (HETZNER-AS)
3 4 64.202.112.255 23352 (SERVERCEN...)
1 1 52.1.164.170 14618 (AMAZON-AES)
1 1 54.146.66.83 14618 (AMAZON-AES)
1 132.226.41.106 31898 (ORACLE-BM...)
1 169.197.150.7 398989 (DEEPINTENT)
1 1 104.111.215.191 16625 (AKAMAI-AS)
2 2 54.77.108.6 16509 (AMAZON-02)
2 3.248.94.125 16509 (AMAZON-02)
1 1 198.148.27.139 19189 (PULSEPOINT)
1 1 124.146.215.46 2514 (INFOSPHER...)
2 2 185.184.8.65 204995 (RTB-HOUSE...)
1 69.173.151.100 26667 (RUBICONPR...)
1 88.214.206.142 46636 (NATCOWEB)
3 185.86.137.132 201081 (SMARTADSE...)
1 1 85.114.159.93 24961 (MYLOC-AS ...)
424 104
34    35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com
threatpost.com
kasperskycontenthub.com
11    65.9.66.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-117.fra56.r.cloudfront.net
tagan.adlightning.com
3    2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
7    2606:4700:3030::ac43:cf70 (United States)

ASN13335 (CLOUDFLARENET, US)
qd.admetricspro.com
13    2600:9000:2315:1200:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)
assets.threatpost.com
10    2600:9000:214f:9c00:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)
media.threatpost.com
9    2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    185.85.15.23 (Germany)

ASN200107 (KL-EXT, CH)
media.kaspersky.com
5    65.9.71.173 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-71-173.fra56.r.cloudfront.net
c.amazon-adsystem.com
9    151.101.130.137 (United States)

ASN54113 (FASTLY, US)
cd.connatix.com
cds.connatix.com
capi.connatix.com
img.connatix.com
5    2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
7    216.58.201.66 (United States)

ASN15169 (GOOGLE, US)
PTR: prg03s01-in-f66.1e100.net
securepubads.g.doubleclick.net
1    104.89.31.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-31-187.deploy.static.akamaitechnologies.com
secure.cdn.fastclick.net
1    46.105.202.126 (France)

ASN16276 (OVH, FR)
cdn.id5-sync.com
6    2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
5    2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
1    151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
5    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
fonts.gstatic.com
2    54.154.124.119 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-124-119.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    151.101.2.137 (United States)

ASN54113 (FASTLY, US)
lit.connatix.com
9    18.223.60.0 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-223-60-0.us-east-2.compute.amazonaws.com
capi-tier-1-us-east-2.connatix.com
6    151.101.66.137 (United States)

ASN54113 (FASTLY, US)
vid.connatix.com
4    2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
2    2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)
script.4dex.io
2    54.36.109.183 (France)

ASN16276 (OVH, FR)
PTR: p08.id5-sync.com
id5-sync.com
1    52.19.107.252 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-107-252.eu-west-1.compute.amazonaws.com
kaspersky.demdex.net
2    15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
kaspersky.d3.sc.omtrdc.net
1    54.75.68.230 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-68-230.eu-west-1.compute.amazonaws.com
cm.everesttech.net
1    64.140.160.2 (Ogden, United States)

ASN18450 (WEBNX, US)
PTR: threatintelligenceplatform.com
geo.ipify.org
4    2602:803:c004:200::140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
1    2606:4700::6812:372 (United States)

ASN13335 (CLOUDFLARENET, US)
mp.4dex.io
3    145.40.89.200 (Ashburn, United States)

ASN54825 (PACKET, US)
prebid.a-mo.net
3    23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com
htlb.casalemedia.com
3    18.196.121.26 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-121-26.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
3    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
9    63.32.154.251 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-154-251.eu-west-1.compute.amazonaws.com
ads.servenobid.com
1    18.193.246.175 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-246-175.eu-central-1.compute.amazonaws.com
tlx.3lift.com
18    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
teachingaids-d.openx.net
us-u.openx.net
u.openx.net
eu-u.openx.net
gift-connect-d.openx.net
3    18.156.195.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
c2shb.ssp.yahoo.com
6    134.209.129.254 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
e.serverbid.com
6    72.251.249.9 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
ap.lijit.com
ce.lijit.com
13    185.33.221.52 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
5    213.19.147.42 (United Kingdom)

ASN3356 (LEVEL3, US)
tag.1rx.io
1    2600:9000:2315:c000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
11    2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
1    104.244.42.195 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
1    104.244.42.69 (United States)

ASN13414 (TWITTER, US)
t.co
19    2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    2a00:1450:400c:c03::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    18.194.97.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-97-167.eu-central-1.compute.amazonaws.com
ads.adaptv.advertising.com
1    2a02:26f0:6c00::210:ba08 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
1    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
2    2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
3    2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
17    2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
4    2620:1ec:22::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.linkedin.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
2    142.250.185.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net
9582686.fls.doubleclick.net
6    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
googleads.g.doubleclick.net
1    195.66.82.41 (Paris, France)

ASN197205 (MERCIS-AS, FR)
PTR: mmtro.com
mmtro.com
1    37.187.27.147 (France)

ASN16276 (OVH, FR)
PTR: js12.adlooxtracking.com
j.adlooxtracking.com
5    2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
10    2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
2    142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net
googleads4.g.doubleclick.net
20    142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net
cm.g.doubleclick.net
10    2.20.85.164 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a2-20-85-164.deploy.static.akamaitechnologies.com
dsum-sec.casalemedia.com
js-sec.indexww.com
ssum-sec.casalemedia.com
2    104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com
sync.teads.tv
1    35.241.31.249 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 249.31.241.35.bc.googleusercontent.com
data00.adlooxtracking.com
2    2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
5    23.218.208.200 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-200.deploy.static.akamaitechnologies.com
ads.pubmatic.com
3    23.218.208.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-187.deploy.static.akamaitechnologies.com
acdn.adnxs.com
2    151.101.130.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
5    54.93.153.188 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-153-188.eu-central-1.compute.amazonaws.com
pixel.advertising.com
8    3.126.56.137 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
7    3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
3    185.29.132.241 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
5    37.157.4.29 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
1    165.227.252.242 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
sync.serverbid.com
1    205.185.216.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
6    13.248.245.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
1    2620:1ec:29::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
public.servenobid.com
6    104.89.20.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-20-125.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
3    2a05:d018:d29:3601:4405:fc16:ad1d:f00e (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
5    18.185.196.75 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-196-75.eu-central-1.compute.amazonaws.com
x.bidswitch.net
1    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
7    52.46.154.242 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
5    70.42.32.31 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
4    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
4    69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
1    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
1    2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
ads.yahoo.com
3    52.95.125.22 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
2    18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
cs.emxdgt.com
2    23.37.42.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
1    178.162.133.148 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1.go.sonobi.com
go.sonobi.com
3    178.162.133.149 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com
sync.go.sonobi.com
2    54.86.196.175 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-86-196-175.compute-1.amazonaws.com
i.liadm.com
1    2600:1f18:444a:4602:f850:4eec:7dd:fbc1 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
i6.liadm.com
14    54.194.49.117 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
g2.gumgum.com
rtb.gumgum.com
2    67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net
pixel.33across.com
ssc-cms.33across.com
1    51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu
onetag-sys.com
2    185.86.139.104 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync.smartadserver.com
1    193.0.160.128 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
1    192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com
bttrack.com
2    52.30.140.199 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-140-199.eu-west-1.compute.amazonaws.com
sync.crwdcntrl.net
1    185.33.220.145 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
secure.adnxs.com
1    188.34.190.35 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.35.190.34.188.clients.your-server.de
bidswitch-eu.splicky.com
4    64.202.112.255 (Leesburg, United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com
sync.outbrain.com
1    52.1.164.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-164-170.compute-1.amazonaws.com
sync.srv.stackadapt.com
1    54.146.66.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-146-66-83.compute-1.amazonaws.com
sync.ipredictive.com
1    132.226.41.106 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
sync.technoratimedia.com
1    169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com
match.deepintent.com
1    104.111.215.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com
stags.bluekai.com
2    54.77.108.6 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-108-6.eu-west-1.compute.amazonaws.com
ad.360yield.com
2    3.248.94.125 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-94-125.eu-west-1.compute.amazonaws.com
usersync.gumgum.com
1    198.148.27.139 (New York, United States)

ASN19189 (PULSEPOINT, US)
bh.contextweb.com
1    124.146.215.46 (Japan)

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)
tg.socdm.com
2    185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net
creativecdn.com
1    69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel-us-east.rubiconproject.com
1    88.214.206.142 (United Kingdom)

ASN46636 (NATCOWEB, US)
cs.admanmedia.com
3    185.86.137.132 (France)

ASN201081 (SMARTADSERVER, FR)
rtb-csync.smartadserver.com
1    85.114.159.93 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
Apex Domain
Subdomains		 Transfer
55 threatpost.com
threatpost.com — Cisco Umbrella Rank: 152275
assets.threatpost.com — Cisco Umbrella Rank: 415104
media.threatpost.com — Cisco Umbrella Rank: 280247
758 KB
39 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 90
1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 122
260 KB
38 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159
stats.g.doubleclick.net — Cisco Umbrella Rank: 68
9582686.fls.doubleclick.net — Cisco Umbrella Rank: 289584
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276
cm.g.doubleclick.net — Cisco Umbrella Rank: 176
265 KB
25 connatix.com
cd.connatix.com — Cisco Umbrella Rank: 3021
cds.connatix.com — Cisco Umbrella Rank: 3082
capi.connatix.com — Cisco Umbrella Rank: 2633
lit.connatix.com — Cisco Umbrella Rank: 6531
capi-tier-1-us-east-2.connatix.com
vid.connatix.com — Cisco Umbrella Rank: 3623
img.connatix.com — Cisco Umbrella Rank: 3711
2 MB
21 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 412
eus.rubiconproject.com — Cisco Umbrella Rank: 503
pixel.rubiconproject.com — Cisco Umbrella Rank: 289
token.rubiconproject.com — Cisco Umbrella Rank: 595
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 944
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 942
39 KB
18 openx.net
teachingaids-d.openx.net — Cisco Umbrella Rank: 17237
us-u.openx.net — Cisco Umbrella Rank: 323
u.openx.net — Cisco Umbrella Rank: 621
eu-u.openx.net — Cisco Umbrella Rank: 1751
gift-connect-d.openx.net — Cisco Umbrella Rank: 11553
3 KB
17 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 205
acdn.adnxs.com — Cisco Umbrella Rank: 523
secure.adnxs.com — Cisco Umbrella Rank: 359
77 KB
16 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1487
rtb.gumgum.com — Cisco Umbrella Rank: 991
usersync.gumgum.com — Cisco Umbrella Rank: 4784
5 KB
15 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 682
ups.analytics.yahoo.com — Cisco Umbrella Rank: 268
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 416
ads.yahoo.com — Cisco Umbrella Rank: 816
5 KB
15 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 275
s.amazon-adsystem.com — Cisco Umbrella Rank: 260
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1352
48 KB
11 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 246
2 MB
11 google.com
www.google.com — Cisco Umbrella Rank: 2
adservice.google.com — Cisco Umbrella Rank: 57
3 KB
11 adlightning.com
tagan.adlightning.com — Cisco Umbrella Rank: 1314
250 KB
10 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 343
222 KB
10 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 1811
public.servenobid.com — Cisco Umbrella Rank: 3714
7 KB
10 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 409
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 476
9 KB
9 googleapis.com
imasdk.googleapis.com — Cisco Umbrella Rank: 399
fonts.googleapis.com — Cisco Umbrella Rank: 35
704 KB
8 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 417
ads.pubmatic.com — Cisco Umbrella Rank: 419
29 KB
7 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 293
2 KB
7 serverbid.com
e.serverbid.com — Cisco Umbrella Rank: 2774
sync.serverbid.com — Cisco Umbrella Rank: 5262
1 KB
7 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 512
eb2.3lift.com — Cisco Umbrella Rank: 346
4 KB
7 admetricspro.com
qd.admetricspro.com — Cisco Umbrella Rank: 18070
324 KB
6 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 434
www.linkedin.com — Cisco Umbrella Rank: 609
px4.ads.linkedin.com — Cisco Umbrella Rank: 5153
4 KB
6 advertising.com
ads.adaptv.advertising.com — Cisco Umbrella Rank: 1091
pixel.advertising.com — Cisco Umbrella Rank: 307
2 KB
6 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 594
ce.lijit.com — Cisco Umbrella Rank: 734
3 KB
6 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
40 KB
5 smartadserver.com
ssbsync.smartadserver.com — Cisco Umbrella Rank: 1266
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 603
2 KB
5 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 528
2 KB
5 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 257
2 KB
5 adform.net
c1.adform.net — Cisco Umbrella Rank: 524
2 KB
5 1rx.io
tag.1rx.io — Cisco Umbrella Rank: 1169
sync.1rx.io Failed
850 B
5 gstatic.com
www.gstatic.com
fonts.gstatic.com
205 KB
5 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 839
pixel.quantserve.com — Cisco Umbrella Rank: 381
11 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 54
380 KB
4 outbrain.com
sync.outbrain.com — Cisco Umbrella Rank: 720
1 KB
4 sonobi.com
go.sonobi.com — Cisco Umbrella Rank: 680
sync.go.sonobi.com — Cisco Umbrella Rank: 843
2 KB
4 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 347
mug.criteo.com — Cisco Umbrella Rank: 3185
1 KB
4 google.de
www.google.de — Cisco Umbrella Rank: 6433
adservice.google.de — Cisco Umbrella Rank: 8832
2 KB
3 liadm.com
i.liadm.com — Cisco Umbrella Rank: 467
i6.liadm.com — Cisco Umbrella Rank: 1591
1 KB
3 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 384
2 KB
3 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 604
5 KB
3 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 989
337 B
3 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 1055
829 B
3 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 878
sync-tm.everesttech.net — Cisco Umbrella Rank: 490
896 B
3 4dex.io
script.4dex.io — Cisco Umbrella Rank: 1689
mp.4dex.io — Cisco Umbrella Rank: 2262
24 KB
3 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 184
kaspersky.demdex.net — Cisco Umbrella Rank: 215069
5 KB
3 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 1490
id5-sync.com — Cisco Umbrella Rank: 488
12 KB
3 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 147
100 KB
2 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 614
695 B
2 360yield.com
ad.360yield.com — Cisco Umbrella Rank: 630
624 B
2 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 628
859 B
2 33across.com
pixel.33across.com — Cisco Umbrella Rank: 2310
ssc-cms.33across.com — Cisco Umbrella Rank: 807
2 emxdgt.com
cs.emxdgt.com — Cisco Umbrella Rank: 806
2 teads.tv
sync.teads.tv — Cisco Umbrella Rank: 870
344 B
2 adlooxtracking.com
j.adlooxtracking.com — Cisco Umbrella Rank: 8396
data00.adlooxtracking.com — Cisco Umbrella Rank: 7160
65 KB
2 omtrdc.net
kaspersky.d3.sc.omtrdc.net — Cisco Umbrella Rank: 205395
560 B
2 kasperskycontenthub.com
kasperskycontenthub.com — Cisco Umbrella Rank: 320047
1 KB
1 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1438
487 B
1 admanmedia.com
cs.admanmedia.com — Cisco Umbrella Rank: 1485
225 B
1 socdm.com
tg.socdm.com — Cisco Umbrella Rank: 1283
689 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 517
382 B
1 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 437
1 KB
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 813
44 B
1 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1024
293 B
1 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 880
428 B
1 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 781
578 B
1 splicky.com
bidswitch-eu.splicky.com — Cisco Umbrella Rank: 22662
221 B
1 bttrack.com
bttrack.com — Cisco Umbrella Rank: 659
380 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 631
755 B
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 797
814 B
1 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 565
1 bing.com
c.bing.com — Cisco Umbrella Rank: 193
595 B
1 digitaloceanspaces.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 6046
5 KB
1 mmtro.com
mmtro.com — Cisco Umbrella Rank: 15625
438 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 799
3 KB
1 t.co
t.co — Cisco Umbrella Rank: 448
338 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 464
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 792
354 B
1 ipify.org
geo.ipify.org — Cisco Umbrella Rank: 37428
585 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 531
13 KB
1 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 1623
17 KB
1 kaspersky.com
media.kaspersky.com — Cisco Umbrella Rank: 98638
48 KB
424 82
Domain Requested by
32 threatpost.com threatpost.com
20 cm.g.doubleclick.net 9 redirects googleads.g.doubleclick.net
u.openx.net
eb2.3lift.com
ssum-sec.casalemedia.com
g2.gumgum.com
19 pagead2.googlesyndication.com srcdoc
securepubads.g.doubleclick.net
tpc.googlesyndication.com
1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
tagan.adlightning.com
googleads.g.doubleclick.net
17 tpc.googlesyndication.com tagan.adlightning.com
1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
threatpost.com
tpc.googlesyndication.com
13 rtb.gumgum.com 1 redirects g2.gumgum.com
13 ib.adnxs.com 3 redirects qd.admetricspro.com
cds.connatix.com
googleads.g.doubleclick.net
acdn.adnxs.com
13 assets.threatpost.com threatpost.com
assets.threatpost.com
11 s0.2mdn.net imasdk.googleapis.com
threatpost.com
1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
s0.2mdn.net
11 tagan.adlightning.com threatpost.com
tagan.adlightning.com
1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
10 cdn.ampproject.org threatpost.com
10 media.threatpost.com threatpost.com
9 ads.servenobid.com qd.admetricspro.com
public.servenobid.com
ssum-sec.casalemedia.com
g2.gumgum.com
ssbsync.smartadserver.com
9 capi-tier-1-us-east-2.connatix.com cd.connatix.com
9 www.google.com 1 redirects threatpost.com
tagan.adlightning.com
1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
8 ups.analytics.yahoo.com 5 redirects
7 s.amazon-adsystem.com 4 redirects eb2.3lift.com
ssum-sec.casalemedia.com
7 match.adsrvr.org 3 redirects u.openx.net
eb2.3lift.com
ssum-sec.casalemedia.com
7 us-u.openx.net 2 redirects googleads.g.doubleclick.net
u.openx.net
7 securepubads.g.doubleclick.net tagan.adlightning.com
www.googletagservices.com
securepubads.g.doubleclick.net
threatpost.com
7 qd.admetricspro.com threatpost.com
qd.admetricspro.com
6 eus.rubiconproject.com qd.admetricspro.com
eus.rubiconproject.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
g2.gumgum.com
6 eb2.3lift.com 3 redirects qd.admetricspro.com
eb2.3lift.com
6 e.serverbid.com 2 redirects qd.admetricspro.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
6 vid.connatix.com cd.connatix.com
cds.connatix.com
6 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
threatpost.com
5 b1sync.zemanta.com 5 redirects
5 x.bidswitch.net 3 redirects eb2.3lift.com
ssum-sec.casalemedia.com
5 c1.adform.net 5 redirects
5 pixel.advertising.com 5 redirects
5 ads.pubmatic.com cds.connatix.com
qd.admetricspro.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
g2.gumgum.com
5 dsum-sec.casalemedia.com 2 redirects googleads.g.doubleclick.net
ssum-sec.casalemedia.com
5 googleads.g.doubleclick.net threatpost.com
1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
5 fonts.googleapis.com 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
threatpost.com
s0.2mdn.net
5 tag.1rx.io qd.admetricspro.com
cds.connatix.com
5 www.googletagmanager.com threatpost.com
www.googletagmanager.com
5 cds.connatix.com threatpost.com
cd.connatix.com
5 c.amazon-adsystem.com qd.admetricspro.com
c.amazon-adsystem.com
4 sync.outbrain.com 3 redirects g2.gumgum.com
4 token.rubiconproject.com 4 redirects
4 pixel.rubiconproject.com 2 redirects g2.gumgum.com
4 eu-u.openx.net u.openx.net
4 fonts.gstatic.com fonts.googleapis.com
4 px.ads.linkedin.com 2 redirects eb2.3lift.com
4 pixel.quantserve.com 3 redirects threatpost.com
4 ap.lijit.com qd.admetricspro.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
public.servenobid.com
4 fastlane.rubiconproject.com qd.admetricspro.com
4 imasdk.googleapis.com cd.connatix.com
imasdk.googleapis.com
3 rtb-csync.smartadserver.com ssbsync.smartadserver.com
3 sync.go.sonobi.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
public.servenobid.com
3 aax-eu.amazon-adsystem.com 2 redirects
3 pr-bh.ybp.yahoo.com 2 redirects ssum-sec.casalemedia.com
3 sync.mathtag.com 3 redirects
3 u.openx.net cds.connatix.com
qd.admetricspro.com
3 acdn.adnxs.com cds.connatix.com
qd.admetricspro.com
3 js-sec.indexww.com cds.connatix.com
qd.admetricspro.com
3 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com securepubads.g.doubleclick.net
tagan.adlightning.com
3 c2shb.ssp.yahoo.com qd.admetricspro.com
3 teachingaids-d.openx.net qd.admetricspro.com
cds.connatix.com
3 hbopenbid.pubmatic.com qd.admetricspro.com
cds.connatix.com
3 btlr.sharethrough.com qd.admetricspro.com
3 htlb.casalemedia.com qd.admetricspro.com
cds.connatix.com
3 prebid.a-mo.net 1 redirects qd.admetricspro.com
cds.connatix.com
3 www.googletagservices.com threatpost.com
1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
2 creativecdn.com 2 redirects
2 usersync.gumgum.com g2.gumgum.com
2 ad.360yield.com 2 redirects
2 sync.crwdcntrl.net 1 redirects ssum-sec.casalemedia.com
2 ce.lijit.com 2 redirects
2 ssbsync.smartadserver.com public.servenobid.com
g2.gumgum.com
2 i.liadm.com 2 redirects
2 ssum-sec.casalemedia.com 1 redirects public.servenobid.com
2 secure-assets.rubiconproject.com 2 redirects
2 cs.emxdgt.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
g2.gumgum.com
2 sync-tm.everesttech.net 2 redirects
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 sync.teads.tv googleads.g.doubleclick.net
2 googleads4.g.doubleclick.net 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
2 9582686.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 adservice.google.com tagan.adlightning.com
9582686.fls.doubleclick.net
2 adservice.google.de tagan.adlightning.com
adservice.google.com
2 www.google.de threatpost.com
2 stats.g.doubleclick.net www.google-analytics.com
2 kaspersky.d3.sc.omtrdc.net media.kaspersky.com
2 id5-sync.com qd.admetricspro.com
cdn.id5-sync.com
2 script.4dex.io qd.admetricspro.com
script.4dex.io
2 img.connatix.com threatpost.com
2 dpm.demdex.net media.kaspersky.com
threatpost.com
2 kasperskycontenthub.com threatpost.com
1 dsp.adfarm1.adition.com 1 redirects
1 cs.admanmedia.com ssbsync.smartadserver.com
1 pixel-us-east.rubiconproject.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 tg.socdm.com 1 redirects
1 ssc-cms.33across.com g2.gumgum.com
1 bh.contextweb.com 1 redirects
1 stags.bluekai.com 1 redirects
1 match.deepintent.com g2.gumgum.com
1 sync.technoratimedia.com g2.gumgum.com
1 sync.ipredictive.com 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 bidswitch-eu.splicky.com 1 redirects
1 secure.adnxs.com 1 redirects
1 bttrack.com ssum-sec.casalemedia.com
1 p.rfihub.com 1 redirects
1 onetag-sys.com public.servenobid.com
1 pixel.33across.com public.servenobid.com
1 g2.gumgum.com public.servenobid.com
1 i6.liadm.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 gift-connect-d.openx.net serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 go.sonobi.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 ads.yahoo.com
1 id.rlcdn.com
1 c.bing.com eb2.3lift.com
1 public.servenobid.com qd.admetricspro.com
1 serverbid-sync.nyc3.cdn.digitaloceanspaces.com qd.admetricspro.com
1 sync.serverbid.com 1 redirects
1 data00.adlooxtracking.com j.adlooxtracking.com
1 j.adlooxtracking.com 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
1 mmtro.com 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
1 px4.ads.linkedin.com
1 www.linkedin.com 1 redirects
1 snap.licdn.com www.googletagmanager.com
1 ads.adaptv.advertising.com cds.connatix.com
1 t.co threatpost.com
1 analytics.twitter.com tagan.adlightning.com
1 rules.quantcount.com secure.quantserve.com
1 tlx.3lift.com qd.admetricspro.com
1 mp.4dex.io qd.admetricspro.com
1 geo.ipify.org qd.admetricspro.com
1 cm.everesttech.net 1 redirects
1 kaspersky.demdex.net tagan.adlightning.com
1 lit.connatix.com cd.connatix.com
1 www.gstatic.com www.google.com
1 static.ads-twitter.com www.googletagmanager.com
1 secure.quantserve.com www.googletagmanager.com
1 cdn.id5-sync.com tagan.adlightning.com
1 secure.cdn.fastclick.net tagan.adlightning.com
1 capi.connatix.com cd.connatix.com
1 cd.connatix.com 1 redirects
1 media.kaspersky.com threatpost.com
0 sync.1rx.io Failed public.servenobid.com
g2.gumgum.com
424 141
Subject Issuer Validity Valid
threatpost.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-02 -
2022-07-03		 a year crt.sh
*.adlightning.com
Amazon		 2021-06-24 -
2022-07-23		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-08-11 -
2022-08-10		 a year crt.sh
assets.threatpost.com
Amazon		 2022-01-05 -
2023-02-03		 a year crt.sh
media.threatpost.com
Amazon		 2022-01-05 -
2023-02-03		 a year crt.sh
kasperskycontenthub.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-02 -
2022-07-03		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-03-17 -
2022-06-09		 3 months crt.sh
media.kaspersky.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-04-23 -
2022-04-28		 a year crt.sh
c.amazon-adsystem.com
Amazon		 2021-07-06 -
2022-06-27		 a year crt.sh
*.connatix.com
Go Daddy Secure Certificate Authority - G2		 2021-08-20 -
2022-09-21		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
secure.cdn.fastclick.net
DigiCert SHA2 Secure Server CA		 2022-01-15 -
2023-01-17		 a year crt.sh
cdn.id5-sync.com
R3		 2022-02-02 -
2022-05-03		 3 months crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-07-21 -
2022-07-26		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-03-17 -
2022-06-09		 3 months crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
*.id5-sync.com
R3		 2022-03-08 -
2022-06-06		 3 months crt.sh
*.d3.sc.omtrdc.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-17 -
2023-03-07		 a year crt.sh
*.ipify.org
Sectigo RSA Domain Validation Secure Server CA		 2022-02-07 -
2023-03-10		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.a-mo.net
R3		 2022-02-18 -
2022-05-19		 3 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-12-12 -
2022-12-13		 a year crt.sh
*.sharethrough.com
Amazon		 2021-08-13 -
2022-09-11		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2021-08-04 -
2022-09-04		 a year crt.sh
ads.servenobid.com
Amazon		 2021-06-28 -
2022-07-27		 a year crt.sh
*.3lift.com
Amazon		 2021-06-12 -
2022-07-11		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-03-08 -
2022-08-31		 6 months crt.sh
e.serverbid.com
R3		 2022-01-17 -
2022-04-17		 3 months crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2021-03-11 -
2022-04-12		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.1rx.io
Sectigo RSA Domain Validation Secure Server CA		 2021-06-01 -
2022-07-02		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
*.google.com
GTS CA 1C3		 2022-03-17 -
2022-06-09		 3 months crt.sh
www.google.de
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
*.v.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-03-15 -
2022-09-07		 6 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2022-03-01 -
2023-03-01		 a year crt.sh
*.google.de
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
*.mmtro.com
R3		 2022-01-26 -
2022-04-26		 3 months crt.sh
*.adlooxtracking.com
R3		 2022-02-07 -
2022-05-08		 3 months crt.sh
misc-sni.google.com
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
teads.tv
R3		 2022-01-03 -
2022-04-03		 3 months crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-02-04 -
2022-05-03		 3 months crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018		 2021-12-10 -
2022-12-09		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
*.nyc3.cdn.digitaloceanspaces.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-03-30 -
2022-04-30		 a year crt.sh
public.servenobid.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-17 -
2023-02-17		 a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2022-03-01 -
2022-09-01		 6 months crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
www.bing.com
Microsoft RSA TLS CA 01		 2022-03-16 -
2022-09-16		 6 months crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2022-02-03 -
2023-02-25		 a year crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2		 2021-05-18 -
2022-06-19		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2021-12-08 -
2023-01-09		 a year crt.sh
*.gumgum.com
Amazon		 2021-06-05 -
2022-07-04		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-01-18 -
2022-07-13		 6 months crt.sh
*.bttrack.com
Sectigo RSA Domain Validation Secure Server CA		 2022-03-21 -
2023-04-20		 a year crt.sh
*.technoratimedia.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-17 -
2022-10-05		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2020-04-09 -
2022-06-08		 2 years crt.sh
*.ad-server.k8s.ie.ggops.com
Amazon		 2022-02-15 -
2023-03-16		 a year crt.sh
*.admanmedia.com
Go Daddy Secure Certificate Authority - G2		 2021-04-20 -
2022-05-22		 a year crt.sh

This page contains 63 frames:

Primary Page: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Frame ID: 33361BD0FFE42D78B97B2077AC56FC81
Requests: 146 HTTP requests in this frame

Frame: https://cds.connatix.com/p/155403/connatix.player.dc.js
Frame ID: 897B1380C1A735586871B8C9A25D3F4F
Requests: 22 HTTP requests in this frame

Frame: https://kaspersky.demdex.net/dest5.html?d_nsid=0
Frame ID: 081792D0CE1BFACC9E60156123A275CB
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.506.0_en.html
Frame ID: 0405E046A865760357C840414596F8F2
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.506.0_en.html
Frame ID: CD8FEED6018E9FC4AF1DF955EF0C4BA0
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.506.0_en.html
Frame ID: 74F4AC05A8BB6886E28C563F71890DCE
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 0B05EFA7266A85627629C23644C61433
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 44B98D0FC64E4CFAE3716EA877F886ED
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 9895F3C82A1F4523DA5E5A5FCC96C511
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Frame ID: C654FAC6694C0BEC369C7F61B922BD6D
Requests: 19 HTTP requests in this frame

Frame: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 0814EF39B3D9A35282B854D0E4E4DA8A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2B13F3C74CAE2AA72DAE5DC8900C0BCD
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 36EBAFAD0498DB9F773DD7CB17429EA6
Requests: 2 HTTP requests in this frame

Frame: https://9582686.fls.doubleclick.net/activityi;dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;u6=;u7=43773785847027393794548580237456872318-1699936158.1648025592;u9=_malware-hunter-crawls-internet-looking-for-rat-c2s_125360_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F
Frame ID: 8D3985841FBCDB0130415842BE750B96
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;u6=;u7=43773785847027393794548580237456872318-1699936158.1648025592;u9=_malware-hunter-crawls-internet-looking-for-rat-c2s_125360_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F
Frame ID: 336EE40653D8B1BD8C87FA58098694DD
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;u6=;u7=43773785847027393794548580237456872318-1699936158.1648025592;u9=_malware-hunter-crawls-internet-looking-for-rat-c2s_125360_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F
Frame ID: E31818D47A27D98694592CBFC1ACDF4E
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-a9073723.js
Frame ID: 49AC3E1B390017F01779993F1C986E72
Requests: 21 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-a9073723.js
Frame ID: 2038282ADBF6CD6B331D24E0B419C810
Requests: 18 HTTP requests in this frame

Frame: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 761F181BEA0D63F24218FBD6D99D4187
Requests: 18 HTTP requests in this frame

Frame: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A68AE42B66E16B95C7D37B2EF54600D9
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnYKBCaoPjrARiQ4ZLCATAB&v=APEucNXgQqHUwCGVjRqhbDIWA6J9YwnCUU55T2L7dcothzBNnoySLpiDgleCXLCRLqHxDN5rwxlyQrclsXwkUkTr27v9Be839TO8LMfFj77LesMN6IfTZkM
Frame ID: 2959AA40992B1BA91398CE24B1F8E3E9
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UY--HEmAEwAQ&v=APEucNXKHB7-pggQf1BkwWy3FUfHxlxrkmxE3fTbRBOeuIWKhlz7OWDtds_aDYqFxJoy1PA0Bz5Ez4A14Yx9vjjjwfmKr1HHGw4lF2Au54_nI3IVcmTc31E
Frame ID: DA8A198955F15F6BD0A4997364233443
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AjeQJNaRiR8LZBWZ1BNlWzxwEzsrjIi19CGdKdRdCctONUPOWOKCPofIWWc9-pJFAgBe8NQTQNOGrVdKhzienDU2DTyw&cry=1&dbm_d=AKAmf-CIacHD8MLGf2GhUFyD97t2y07CJ_PsdbueW2AbOLgAdoZgIWRH_nq2I5EuMLuafnJ1lfv6mZVjKzVlNfKtzGRSnW8PQ6aC5yd6_7jTY9QyCNbLpTvXC5Nw5nTwHmALdz8hDZa4KN0ajS27hVgp230k_eNNSLW3xwD9AjEe_hPiNZ9A-JnAPm64nof904aUrg7NSwdjZH3yBkXBLQDdzZRtmGlRuyFdxt-4YVUNjA7AvTd4BRURK8zUE-IMg7rPDXCe3P6cEJA3H8siYmYmChezh-8tq2XDjVxxXZDDqR8KDMEkqIuiE956zC24nvZM_wI0iTEdEPxVQj99OSXjfl_5aZmkZQ5NGY11CE9TPM7zr-96LdFbHPgJkI6gxEXgFAp5QW4PNOWFU9jSEvwv-_yl6oT_z3saVR8DBYYZxVPkX0PeUgkwZ4GDz3ZTlJ9CZyMhRdMjtmFq2a3J_A7p5C6F2fn-TnaaIJKAcnlR3-Imx3xY-rjqA6BpN1dwP7FpGTiWlJmKO5VAgE37d_QMkJbAUTBWuO80zBhubSHcIrj8L8ZBXAIGUeomPOL11KNMErW8kAQ3vWuu_mmiWxedQ-E3-ng5hEmCkcEX5LwPWaRQ9PGuc4IeZTzgvRYTTkDzgaaCZ_bHyhmkovwVT1FdDcuc9XKXT8oDglNPViuL7pL8se5TT2IpmsLKMI-YDs1VVXktKp32FW2wjCbVtmx_v1FTfQ7PeRfp8WxhxHIZHTVov_L3AJSURC2NOcvJ2qqxUlt_ovUEW5cTTQ0isXuYOsvCvkekJj-rIIB78HKVdAECITgBZP1KvwD7CYJeiLPTTYkof-d9-U3b9vXBwXsS1_jyXvajJVleiFwgIEusg4V8XkbSSiZ33GyiqMnIdggNwOKkJImmm0FmRuw6HEljr_BS3xmkhQM0BT5jtkXJkOClR-zQmqCBaHlIxobSedatg7MOMmz304Mu4LTQR3x97Kf6xGLL9yn-LbNZd0aNG4KZQJjjS3GOXFn2ZDdtXC0G7YjCJtNJ9fstaPxcOP8d5LdO6di36GHGsuk-NrWWv1OmtVP-QidNY0TWEec2Gs7W2pkOhMcvN2szAqx12iHBovCegyYQ33A2pbZfdOT9hcsBr9rWVmjC34JwcLEj9uJLbbO-50dx3S3FZdNlx0gfFcnAfgC-zFkxUX-ZQ1HXTsWz9HKJoAp5yHK9ZCFZ2-P9pevCqDMRPprMzA9SUN9K_CgEy4SfydiPU_KBUXFmGqWDPLdbuWNZbaiRQA4-dFq0E_7ilxNvQASTV5HsjA02RWHjYhVUAUALeBtRADRTeXtt-gCgALg2XCIRQaVXDzIWhaEvoJgGMXdDWonOK1vAIg0fvHZZ-YImfzMF4_tVaa6u7burEFWLytskiUjm0mX1BYj-eLEhrpV8xng3Y_AX1GzZDROE-hvx7tKuf356Q80SvgW7cX-kELq6I4n-qVCkARhRTEAZgP77NCckpzXa3WJVOU9J3-uLTMGTrf5Ai0F8vkLiwSTi-ao37-Vp7qYKy-SpZd3mLcnGOP7FTcEHBxG8wVIKUn8LI7RyFC6wIbfTeLsqj8lODJQcck_9t5K6MBCEt6ryhWR87HVXgcBTnvIdGfpPaAJsl8O7SvqzEdYdIBNNZpilJ5bYk1glRrJ1vrq3swTAQhtmtxNRfTrYaWG6-XNkCr1vhte4hnzYWa0tib4wGDZ_w647kd5MZBeHoMziddm_yw6m95asg1SbJBcVxBGcU6Uas5AMeXtTxPIGPVpNZqQjKjb8iIrUyJ1C-iq9JdzpHHMCnoh5oWvqDhKwIGJlC36xWp896pNkzwaPbBbka7SS0foLCWMPvIIQWNHqbCTSZWKP-i2LUwWdkF8dxe9fwvidvpb29-iWoTBCZctXzpWghAySXmtl9KWFg0zX_kc3AM9ivKoa5luYEYuXjSbv0TV3OzAyfWOMGTC0QHQU51CAx303Sugyaz0sevZmxZL3DbGODNolqAfWXS35YgxOBg6Rus8-nnhP-ucEulnCvHEAMERdH86gDTH9aV5dPVOeya_aU79KFf2eUjgJbsHnH2SLFUYkQ1RcSlBRJhdgSqmQW4jTliYykHyQB2og0DfwYlDol_PyOb72tdx5fja4HksoO1tJM5uv0yd-cr1aoSAmjYs0X7T_dCft9nsC5_G5Jv4D30fOTt3gQAJ-IaXkqpYVFfCdHaV8_XHkpSVtQTMSd14FeXrDtYgWUkRw6Sw1MbGgR-sZtjirwb35sse0qsL4GD2Icg8fiXWm1epmEtQCIpH3gTuRRlkMe4ZUHUMaNGrN5d8xh7ZwZdV2SSEpXXmOP697m4NDgorQu0Xf5-k_sRzvKD7CE7iMMAtkKkjBA6WA3ZnH5hSRAc5UHfazOMwBiI6kS4dryvPAHGMMhh3cjrz5yRUPsHul6grSfJj2QI335yNVIZ-rq7WdmGYaj_jV4bS6MBr-YH1lQTjLRgxW8GPmBSEIcZM3t4svvoMspaAMx4YWUxqS7szVmbp80uSQ_98VmUNegZ4DwYBKZy6ZkA6cWaVwhL2RBICR8nQJW_q9hJbHt13qErUDq6eIALJ4HymlfaU385W17jL_iXCzqcjIoDhbbvDWI7-rutb6tXflc79X_Wqc3W2rmbcW0TUe5djs2gW5WVp438Z2Ea7ubca-Nzhw7n4RhpzALs6zMrbhIhZ586mjnORS92oCpWZblSOlbeWzN5ZpFt51Hlkc7_oWw8kHbSneUm09rrwnsIrjs5k59TVKpA2UfunXljXf4Go4XSKvy8AZxMZuU_7jbHrjauHTTkRjtv2d5qiNy4J9qdAXwDvgGKr5MHh-ZQs3JGW8ARh2PwdcCtasOmIBrvNRK4ftbNER3ThrQECwjiwQtifWKcz3ccCaj8G5VPgKGlBEQNdJLkkqR6hKnSoOpfBSkCInrYzoEwTHm8kJgRRMmR8N9ziePe7EF0CbrRQMQAQId0ZLlG6Zzut055TLMskUsZA3IY4H5UGzPaBlrHYLKI-5w76vwVZRBhKMgGN1Js8M8ywOPFzG2wwFusPxOZgrORS7WSeg7Cr5h0MzhA3imFE_Z29iLzmfI-eHqg&cid=CAASJ-Ro1YdurFjZbeg31nYEQ1KP5gxSBLRE4-169CLChc5yK-EHBHkswA&rfl=2%2Chttps%253A%252F%252Fthreatpost.com%252F%240
Frame ID: 1738680F501FA72CD51A7F64E1F77C29
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 25079EA485B281E07AE0E42BC90063B3
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17744649143931551434/index.html
Frame ID: 74C02B289C29E992EF635435C8E65519
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 04526EB099321B4844A3B3283A845732
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: DCD24D4B7AFE4DA1C9CF919C13E97686
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 83B049E8B740DB0EE574375904AA09C5
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: D25EAEE9F2C8DC059DC837070D72B5F3
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: CED60757AE310EB5E546BE04B74FBF82
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: ECEDCA9E066DE68DA923AA90322D1A75
Requests: 7 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: C136E11338116C046C3A5C45D7A49AA1
Requests: 7 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: FE2DDEF5188164DE4615AC9575931B8B
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 6F7F7667AD06CA95560E9B851B479B9D
Requests: 1 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: 83E66B9E86CC27B631221B223E577926
Requests: 8 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 5F78F79C5FAB2E3BA3C26201842E5F00
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: 2C48D924CEFE2AE9A6CF645442CA43FE
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 11C2AA6147393ABD03F7CE09D1F7743F
Requests: 11 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858
Frame ID: 05E0EBD74C18101367666210EB55D479
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 23C2E1B38CDCB35396BAD6D378B6C9B8
Requests: 9 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: AB8B1ADBCC44402CE7AEBFD7EBDD4780
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: C22A7F59E51898FC477FA4567E166C82
Requests: 10 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 2442275AA2382DFE9AF7C7731FB841CD
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Frame ID: A1E1E831902D91B596770AC4DB4C0942
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Frame ID: F224CFBCE6A2AEB577AC152A2306E71C
Requests: 3 HTTP requests in this frame

Frame: https://go.sonobi.com/uc.html?pubid=e55fb5d7c2
Frame ID: EDC76AD52E6204B066991404D60096AC
Requests: 1 HTTP requests in this frame

Frame: https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Frame ID: CBEBF82BEECE26D3FFEE39841806BE04
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Frame ID: FA59C0B66F34801F8B57F782377B1C73
Requests: 1 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 80894A88E6BC9AC624601CE8B5145423
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: DEF2B7C56CE8BE771B339C52B8A7AAB3
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 08F26C94481F6A8E1CB0ACB442EF91AC
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 5AA9AD665A27E18772387088B40BA37A
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: 00BB57836170F94A2C93C46237D61525
Requests: 10 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=ed87623a-dffb-4100-90e0-bb28ed7073f6&gdpr=0&gdpr_consent=
Frame ID: 718DB4951FC9A06428E984B829873598
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=Yjrf9wAAAGHUlwP7&gdpr=0&gdpr_consent=
Frame ID: 17B0DC5F7FD61AD5C4F2A4EF61695809
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8xZmRiNDdkMC1hYzQyLTRlNTEtOGU0NS04MjVjNDQ1MjI4MDM=&gdpr=0&gdpr_consent=
Frame ID: 1A98E873955F558D4B57D78B816B76BE
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: AE36D0D20F8BF6DFE75C4964376C3E60
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: 9B6A7A3D78B2A6A01EFD2273F5C5D5B0
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=962dd896-ae01-413a-80d7-db66f5020af3&t=1650617598
Frame ID: 8C25DD8A47CE4D1C46ECBF205783DC1F
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: B5F60658F5ECB995A7A63C0F14E75591
Requests: 3 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: A30A035BC7949E4B2BAE943DB40EDCEC
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=Yjrf-sCo8XYAAFCE0IEAAAAA
Frame ID: 63AFE597A627E818AC471A93F8D5135B
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=BVHCmpEv01LIZbWN00PA&pi=gumgum&tc=1
Frame ID: 81D7EAE1A8F1B8B8E182BC9E5BE4BB80
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Malware Hunter Crawls Internet Looking for RAT C2s | Threatpost

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • /prebid\.js
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

424
Requests

84 %
HTTPS

27 %
IPv6

82
Domains

141
Subdomains

104
IPs

10
Countries

7491 kB
Transfer

15500 kB
Size

100
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44
  • https://cd.connatix.com/connatix.player.js HTTP 302
  • https://cds.connatix.com/p/155403/connatix.player.dc.js
Request Chain 97
  • https://cm.everesttech.net/cm/dd?d_uuid=36674683789198166813550287922905169188 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yjrf9wAAAGHUlwP7
Request Chain 180
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1648025593144&url=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1648025593144%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fmalware-hunter-crawls-internet-looking-for-rat-c2s%252F125360%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1648025593144&url=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1648025593144&url=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&liSync=true&e_ipv6=AQLZljUj00Q-MQAAAX-1-uVHhbixLwVYACL1pYvNt2o0ddxIZHbTf0AbNLOaYUZI0WM0boX3V7rKLRdkyB__5mcRZhuX
Request Chain 185
  • https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;u6=;u7=43773785847027393794548580237456872318-1699936158.1648025592;u9=_malware-hunter-crawls-internet-looking-for-rat-c2s_125360_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F HTTP 302
  • https://9582686.fls.doubleclick.net/activityi;dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;u6=;u7=43773785847027393794548580237456872318-1699936158.1648025592;u9=_malware-hunter-crawls-internet-looking-for-rat-c2s_125360_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F
Request Chain 260
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 261
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECfj2luyT3_BkfgwCS2JUpA&google_cver=1&gdpr=0
Request Chain 262
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yjrf.noNB57K5wdhKQJBxAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECfj2luyT3_BkfgwCS2JUpA&google_cver=1&gdpr=0&google_hm=2
Request Chain 263
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEFK2SGB4onJEqLMg5_ZevSc&google_cver=1
Request Chain 264
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Nzg4NTgxMTgyODg0NDgyMjA1OA%3D%3D
Request Chain 266
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELVWe0ik0I-fTvPbfIaPOE0&google_cver=1&gdpr=0
Request Chain 267
  • https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&gdpr=0&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Zjg1YTk0YzgtNmJmOS0yYTg0LWQxM2EtNjRlMTE4NmQ2ODE5
Request Chain 268
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://sync.teads.tv/um?eid=3&uid=CAESECxXC90gJkN27bQP5cusJC4&google_cver=1&gdpr=0
Request Chain 289
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=AhWX0Xw2R21WalRGM0lxT3JCVmpPM2pGelpoQWFLNGRsdmt5UzhwY0dDaFpCbzFjZGxHTzV5UFBDODI1Szdna20xQ0RUNDNZNTdnWklXbGUvcERJQWt3d3dBZWdRNkYvUFBVdnh0QWRScTR3VFc1WEVURjZnTlZMTDhJWFgzMldXUlBXa3J4MFlpOWdCVG4rRGE4V2xVZmN4TGJsKzd6VmwxdFlET1EwRkxjOWtOUC9iZ3BTdUdSaW5xQXdpc1Zlb2JqUVdPTkxhUVZYQ2FOQXcyelJsaE5OcmNOTFM4b3h0ME9hVlU5cWdydTF1QUxnPXw&cppv=2
Request Chain 298
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.advertising.com/ups/55986/sync?uid=Yjrf9wAAAGHUlwP7&_origin=0&gdpr=0&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=Yjrf9wAAAGHUlwP7&_origin=0&gdpr=0&gdpr_consent=&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c HTTP 302
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=Yjrf9wAAAGHUlwP7&_origin=0&gdpr=0&gdpr_consent=&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c&verify=true
Request Chain 299
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=962dd896-ae01-413a-80d7-db66f5020af3&_origin=1&gdpr=1&gdpr_consent=
Request Chain 300
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c&verify=true HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVBhZDkyNzljOS1hYTg2LTExZWMtYTA5ZS0wMjAzOTBkZWZlMGM%3D HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEO3lDx1sjjueI0kH9C49o6E&google_cver=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEO3lDx1sjjueI0kH9C49o6E&google_cver=1&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c
Request Chain 302
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=22ff623a-dffb-4200-a1c0-54dbc297aa72
Request Chain 303
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=J2_w8HU7pak8a_uhcmnu9CQ_pag8Pvb3JWzm-XEC
Request Chain 304
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1869514360088373970
Request Chain 307
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELVWe0ik0I-fTvPbfIaPOE0&google_cver=1
Request Chain 308
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=ed87623a-dffb-4100-90e0-bb28ed7073f6
Request Chain 309
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=J2_w8HU7pak8a_uhcmnu9CQ_pag8Pvb3JWzm-XEC
Request Chain 310
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1686885154496756674
Request Chain 313
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELVWe0ik0I-fTvPbfIaPOE0&google_cver=1
Request Chain 322
  • https://sync.serverbid.com/ss/2000891.html HTTP 302
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Request Chain 325
  • https://eb2.3lift.com/sync HTTP 302
  • https://eb2.3lift.com/sync?&ld=1
Request Chain 333
  • https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDYyMDY4NDgwNDQ1NzQ0MTAzMDcxNw%3D%3D
Request Chain 335
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDYyMDY4NDgwNDQ1NzQ0MTAzMDcxNw%3D%3D
Request Chain 337
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/4620684804457441030717?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-bHx5G39E2oTpavaOWDoO9HYad1jvXo1pIAxDqm21kw--~A&dongle=0883
Request Chain 340
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4620684804457441030717 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4620684804457441030717&dcc=t
Request Chain 341
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Request Chain 343
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=ALAYrKxXQsWyIJrHcEd0tA&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ALAYrKxXQsWyIJrHcEd0tA
Request Chain 344
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=N2I1MjA2ZTY1MDU5N2IwNzVmNjcwZTY3M2QxNDA2NjQyMmUyOTM3NQ
Request Chain 346
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L13BVWZ9-1T-7EZD&sigv=1&esig=2~772d716347837d8fcc5c7bc25fc2a2c6c0fd951c
Request Chain 347
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=qpstN9X2QzmH26Ybk9aP8g&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=qpstN9X2QzmH26Ybk9aP8g
Request Chain 348
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L13BVWZ9-1T-7EZD
Request Chain 349
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMpBD9GZEZHbTdlBWEd_SaU&google_cver=1
Request Chain 350
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEzQlZXWjktMVQtN0VaRA==
Request Chain 352
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Request Chain 356
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID HTTP 302
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=7885811828844822058
Request Chain 357
  • https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D HTTP 302
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=Yjrf.noNB57K5wdhKQJBxAAA%261115
Request Chain 360
  • https://pixel.advertising.com/ups/56621/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/56621/occ?apid=UPad9279c9-aa86-11ec-a09e-020390defe0c HTTP 302
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPad9279c9-aa86-11ec-a09e-020390defe0c
Request Chain 361
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3
Request Chain 362
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D HTTP 302
  • https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3 HTTP 303
  • https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3&_li_chk=true&previous_uuid=3f2dd594b1c2437ba3daa184b381630a HTTP 303
  • https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3
Request Chain 369
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
  • https://ads.servenobid.com/sync?pid=312&uid=7885811828844822058
Request Chain 370
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1 HTTP 302
  • https://ads.servenobid.com/sync?pid=310&uid=be4b9180a229236247304b8a
Request Chain 373
  • https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
  • https://ads.servenobid.com/sync?pid=324&uid=5109685622694528826
Request Chain 375
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
  • https://ads.servenobid.com/sync?pid=327&uid=0e4a0f67-a119-49bc-85ea-f922d2c0c9f3&gdpr=0&gdpr_consent=&us_privacy=1YN-
Request Chain 376
  • https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
  • https://ads.servenobid.com/sync?pid=337&uid=y-6sqdysVE2uExSzNHj79I43DBjRfHEZ2dn5QyrG4-~A
Request Chain 377
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yjrf-noNB57K5wdhKQJBxAAABFsAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yjrf-noNB57K5wdhKQJBxAAABFsAAAAB&dcc=t
Request Chain 383
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Request Chain 384
  • https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=Yjrf.noNB57K5wdhKQJBxAAA%261115&gdpr=1&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=Yjrf.noNB57K5wdhKQJBxAAA%261115&gdpr=1&gdpr_consent=&us_privacy=&ct=y
Request Chain 386
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://rtb.gumgum.com/usersync?b=apn&i=7885811828844822058
Request Chain 387
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_1fdb47d0-ac42-4e51-8e45-825c44522803&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_1fdb47d0-ac42-4e51-8e45-825c44522803&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://bidswitch-eu.splicky.com/cm?bidswitch_ssp_id=gumgum2&bsw_custom_parameter=beebf8ce-b9c0-46a0-98dc-69f902b39712 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=311&user_id=&user_group=2&ssp=gumgum2&expires=10&bsw_param=beebf8ce-b9c0-46a0-98dc-69f902b39712 HTTP 302
  • https://rtb.gumgum.com/usersync?b=bsw&i=beebf8ce-b9c0-46a0-98dc-69f902b39712
Request Chain 388
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28HgFSHcn2nntWlDev6zEZ1rX7-GT29f2BfaxURfO8xZoaeoEF6EUvcmKYfC7q_FR5%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28HgFSHcn2nntWlDev6zEZ1rX7-GT29f2BfaxURfO8xZoaeoEF6EUvcmKYfC7q_FR5%29 HTTP 302
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_1fdb47d0-ac42-4e51-8e45-825c44522803&obuid=ENC(HgFSHcn2nntWlDev6zEZ1rX7-GT29f2BfaxURfO8xZoaeoEF6EUvcmKYfC7q_FR5) HTTP 302
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
  • https://b1sync.zemanta.com/usersync/outbrain/?puid=HgFSHcn2nntWlDev6zEZ1rX7-GT29f2BfaxURfO8xZoaeoEF6EUvcmKYfC7q_FR5 HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=zemanta&uid=GkqupoTjpjztjZryub99
Request Chain 389
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=opx&i=2308e372-8a9b-4c76-a3a1-2eb51adfa73f
Request Chain 390
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=sta&i=0-899f4cc0-e638-4df4-4f07-ce1eed124909$ip$217.64.151.30
Request Chain 391
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=oth&i=y-ElhjQA1E2pc3IgtB8PWxvcNuQT_9849DpeE9~A
Request Chain 392
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=vnt&i=af527914-aa86-11ec-b3ae-b9599d422bef
Request Chain 395
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_1fdb47d0-ac42-4e51-8e45-825c44522803&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://stags.bluekai.com/site/23178?id=GkqupoTjpjztjZryub99&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2R3LOF2XA32UNJYGU6TUNJNHE6LVMI4TSJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2R3LOF2XA32UNJYGU6TUNJNHE6LVMI4TSJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=GkqupoTjpjztjZryub99&us_privacy=1---
Request Chain 396
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://usersync.gumgum.com/usersync?b=idi&i=134d2cd4-3af3-4192-89a0-b8b7e9fdfa6f
Request Chain 398
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://rtb.gumgum.com/usersync?b=pln&i=WyXjWJMTPDD2&ev=1&pid=558355
Request Chain 401
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://rtb.gumgum.com/usersync?b=mmh&i=ed87623a-dffb-4100-90e0-bb28ed7073f6&gdpr=0&gdpr_consent=
Request Chain 402
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://usersync.gumgum.com/usersync?b=atm&i=Yjrf9wAAAGHUlwP7&gdpr=0&gdpr_consent=
Request Chain 406
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=ttd&i=962dd896-ae01-413a-80d7-db66f5020af3&t=1650617598
Request Chain 407
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 409
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=sus&i=Yjrf-sCo8XYAAFCE0IEAAAAA
Request Chain 410
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=BVHCmpEv01LIZbWN00PA&pi=gumgum&tc=1
Request Chain 415
  • https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=1869514360088373970&gdpr=0&gdpr_consent=
Request Chain 416
  • https://dsp.adfarm1.adition.com/cookie/?ssp=5&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7078216046387067029&gdpr=0&gdpr_consent=
Request Chain 417
  • https://pixel.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=6nmzPLgt5mXxfbhtv3-tOOkp5mTxKLU76Hq-4mja

424 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/ 		83 KB
21 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e99fc6b4bdc590600048d586a940b5dcba666ff9478ca9e8d83998efb82a6df5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx
Date
Wed, 23 Mar 2022 08:53:09 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Link
<https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/125360>; rel="alternate"; type="application/json" <https://threatpost.com/?p=125360>; rel=shortlink
X-Frame-Options
SAMEORIGIN
X-Debug-Auth
off
X-Request-Host
threatpost.com
x-cache-hit
HIT
Content-Encoding
gzip
museosans-900italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854

Request headers

Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:09 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:00 GMT
Server
nginx
ETag
"6234a938-3ca8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
15528
museosans-900-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398

Request headers

Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:09 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-5124"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20772
museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:09 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:00 GMT
Server
nginx
ETag
"6234a938-3dcc"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
15820
museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:09 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:00 GMT
Server
nginx
ETag
"6234a938-51a4"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20900
museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:09 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-5c74"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
23668
museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:09 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-5194"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20884
museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-5bac"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
23468
museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:00 GMT
Server
nginx
ETag
"6234a938-51b8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20920
museosans-100italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c

Request headers

Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-5b34"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
23348
museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:00 GMT
Server
nginx
ETag
"6234a938-50c8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20680
op.js
tagan.adlightning.com/math-aids-threatpost/ 		44 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
04044475412dd2e4c5fc05ebc20fec41c2b49a9156f9852fb9c32a8313039625

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
VtYCYaHJUQ8BKcvcLscysUuH9U9dSmkT
content-encoding
gzip
etag
"d5868f6cca704ca508ad4e8e96ff95a3"
age
383
x-cache
Hit from cloudfront
content-length
18558
x-amz-meta-git_commit
7b120a5
last-modified
Wed, 23 Mar 2022 04:17:55 GMT
server
AmazonS3
date
Wed, 23 Mar 2022 08:53:10 GMT
content-type
application/javascript
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
x-amz-cf-id
RT6urmTm267JhZiuO9yF0MOUeIuOrQ29qvKkRapD1S65H2NkgVvu0Q==
gpt.js
www.googletagservices.com/tag/js/ 		82 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
62ec898619d3d5d8a54961bcf98740e0d129146fd4213dd06c8d8a515ec226a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27963
x-xss-protection
0
server
sffe
etag
"1166 / 13 of 1000 / last-modified: 1648025023"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 23 Mar 2022 08:53:10 GMT
ros-layout.js
qd.admetricspro.com/js/threatpost/ 		26 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a647d79b31b4b19f30c795aac862bcf5b424731c732e239775127b8ac4aae0a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:09 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 09 Mar 2022 04:05:55 GMT
server
cloudflare
etag
W/"67e2-5d9c136d2119a-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TyIgqSqmo86DDnaVuzf88Fhq4JaknKye0FU%2Fqh2J5ZqXWgQzujIsb1tWLZzREzjf6ddiRuHy5kx6lC7BsoyoPF26tc0dLIlBlFNc3%2B4LzIEQqfvF8rz5Feh%2BaZGZQ1O2DkbCyPLgZwWPijIUBRJVPJPa"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6f05ef5eec790e0e-MXP
expires
Wed, 23 Mar 2022 09:00:07 GMT
cmp.js
qd.admetricspro.com/js/threatpost/ 		310 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 01 Jun 2021 14:47:10 GMT
server
cloudflare
etag
W/"4d957-5c3b56abf6028-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Za6aO54pD4QZjetdxF8Hx0R69qvpzw3yoeHW0gbH7wdrYAUNjuXer72W9cV%2FNMTxPP4l9qNDAdy7QdPaPiMHzfJ8%2F5zA0I6YUU1qJHY6MWR8u2qRWw1MtwhIErS4bNpBjUQtWQXdpXMkxVBkGIjUvap"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6f05ef65ba2e0e0e-MXP
expires
Wed, 23 Mar 2022 08:59:48 GMT
uspcmp.js
qd.admetricspro.com/js/threatpost/ 		148 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sat, 08 Aug 2020 22:40:07 GMT
server
cloudflare
etag
W/"24e50-5ac65673cef1c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=anJcMjwJuLtXnOUOnl4bpzaRm%2BNGPKajtNnsWtRAg96FH6eCmS0HKat89PqESul5SFZ2uI88TWLitGYnO%2BNuKX3gXfEjyr0DIAO5TLl3MZ6kqtKXOybmJcE06bADJfz9C40AOGgP7PDhfehg46Vv7dRF"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6f05ef65ba320e0e-MXP
expires
Wed, 23 Mar 2022 08:59:00 GMT
targeting.js
qd.admetricspro.com/js/threatpost/ 		393 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 21:50:12 GMT
server
cloudflare
etag
W/"189-5c8c2c96f96c7-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TvwvfiUu8i3HhKktBejMT0C4nh01r123CEdp%2B9nm%2B6cJd78bIoafA%2Fspon68kHxzCo5ikW%2FPusnmwAx5NolFKHOnYzGN1lL155sYSFaE9X3k%2FTsp74h6RiRraA9CwVuhN6G%2Fc73HTsGZ5m5Mr2fAhWVv"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6f05ef65ba330e0e-MXP
expires
Wed, 23 Mar 2022 08:59:41 GMT
prebid.js
qd.admetricspro.com/js/threatpost/ 		430 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 14 Oct 2021 15:35:01 GMT
server
cloudflare
etag
W/"6b738-5ce51d26ef74c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p5uULU%2FyK21MbhYzBxPyY%2BPqXp0kIJX1QUqBR2diiV0ASnQAg0X4nedI5nr7s53t0UfWm%2BeWtEDYmdc9P3RzSqGp6zdFLUvcSa34g3Nc%2FS%2FzMTwGnm7yngWBsfs%2BcHZTGMyNmIns%2BZ%2FVasbG6a58VG%2F5"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6f05ef65ba360e0e-MXP
expires
Wed, 23 Mar 2022 08:59:48 GMT
engine.js
qd.admetricspro.com/js/threatpost/ 		35 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/engine.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:09 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 24 Jan 2022 02:31:38 GMT
server
cloudflare
etag
W/"8cae-5d64ac49b9c1c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cTTHKQwMYGx8Brce%2F%2FgddN51Mo%2BAlAqkCGdO5wMXdKl%2Fv5xG2VYFctfKYUZ0LIIx1RU7iCCT%2B6pW%2FGo%2F3m3TS1hfPOTWsILkvY7QgnoJbHo8GLuMsf%2F%2BPG6ZZ9xlTvwWBSludnHdNYke3ScU%2FDwxUGdS"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6f05ef5eec810e0e-MXP
expires
Wed, 23 Mar 2022 08:57:42 GMT
/
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 		294 KB
42 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:09 GMT
content-encoding
gzip
x-amz-cf-pop
DUS51-P2
x-cache
Miss from cloudfront
content-length
42696
x-cache-hit
HIT
last-modified
Fri, 18 Mar 2022 15:46:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 021d8c03b9a9a9281489f9b9055209cc.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-debug-auth
off
x-request-host
assets.threatpost.com
x-amz-cf-id
VQFx_0PJMSlb5BZYOPhUf1JCHUfIdeCZeAIi22k5Zxtt4jXCkdR4tQ==
expires
Wed, 23 Mar 2022 22:15:53 GMT
jquery-1.12.4-wp.js
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 		95 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:45:59 GMT
Server
nginx
ETag
W/"6234a937-17a56"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
alert_text.js
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 		107 B
461 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js?ver=1647618361
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-6b"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
alert.js
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js?ver=1647618361
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-104a"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
public.js
threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/ 		116 B
495 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/public.js?ver=1.0.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Jun 2014 19:20:42 GMT
Server
nginx
ETag
W/"5398ac0a-74"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
kaspersky-twitter-pullquote.js
threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/ 		599 B
713 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js?ver=1.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-257"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
loadmore.js
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/loadmore.js?ver=5.9.2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:00 GMT
Server
nginx
ETag
W/"6234a938-11e7"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
social-share.js
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js?ver=1.0.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:00 GMT
Server
nginx
ETag
W/"6234a938-484d"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
malwarehunter.png
media.threatpost.com/wp-content/uploads/sites/103/2017/05/06225023/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2017/05/06225023/malwarehunter.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
86820e93561ef23be7da69650fc742c9fd33c9c6d3127ecbc5a817e4db27eef9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:46:43 GMT
via
1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront), 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
last-modified
Tue, 03 Jul 2018 01:47:19 GMT
server
AmazonS3
age
387
etag
"6a8cd45b3dff1cb1a342699739fea1c9"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
23386
x-amz-cf-id
75pShVDJrYKOvnKN86urF3Kl6WHxMs1QyaPXmZViNjp4y4c7hdve_A==
expires
Wed, 03 Jul 2019 01:47:17 GMT
Solarwind2-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/01/11123653/ 		45 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/11123653/Solarwind2-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e298a771bf168d9527f16852278457046395969089f365956e1a6fe81a66ff0a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:01:23 GMT
via
1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront), 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
last-modified
Mon, 11 Jan 2021 17:37:00 GMT
server
AmazonS3
age
13747907
etag
"ed64e9705ab0f3603f765520246999e0"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
45937
x-amz-cf-id
HNDXOA3PbLONH8NZcSABKK1MvyGx1JlUV9iIQ-GIOTKiIJ-XhwsN9w==
expires
Tue, 11 Jan 2022 17:36:58 GMT
scripts.js
kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-828"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
api.js
www.google.com/recaptcha/ 		852 B
968 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c9d6a2a58b9c7f4ee284526ef182398d1686c5de84286fd58ae111b172d4d456
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
555
x-xss-protection
1; mode=block
expires
Wed, 23 Mar 2022 08:53:10 GMT
main.js
threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js?ver=202124050927
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-ab4"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
s_code_single_suite.js
media.kaspersky.com/tracking/omniture/ 		172 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
185.85.15.23 , Germany, ASN200107 (KL-EXT, CH),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
dba466c43a288cc89aa2166d63cd97219a544b6fadb70508323701819052dbb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
etag
"019696dc39d81:0"
x-powered-by
Kaspersky Labs, Kaspersky Labs
alt-svc
h3=":443"; ma=86400; persist=1
content-length
49223
x-xss-protection
1; mode=block
last-modified
Thu, 17 Mar 2022 08:54:18 GMT
server
x-frame-options
SAMEORIGIN
date
Wed, 23 Mar 2022 08:53:10 GMT
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
x-server
fr1/KLM6
accept-ranges
bytes
x-content-type-options
nosniff
main.js
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 		114 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/main.js?ver=202107061113
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-1c643"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
regenerator-runtime.min.js
threatpost.com/wp-includes/js/dist/vendor/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Mar 2022 00:51:39 GMT
Server
nginx
ETag
W/"622a9d1b-195e"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
wp-polyfill.min.js
threatpost.com/wp-includes/js/dist/vendor/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Mar 2022 00:51:39 GMT
Server
nginx
ETag
W/"622a9d1b-4b3d"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
dom-ready.min.js
threatpost.com/wp-includes/js/dist/ 		1 KB
989 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/dom-ready.min.js?ver=ecda74de0221e1c2ce5c57cbb5af09d5
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Mar 2022 00:51:39 GMT
Server
nginx
ETag
W/"622a9d1b-4e9"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
hooks.min.js
threatpost.com/wp-includes/js/dist/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Mar 2022 00:51:39 GMT
Server
nginx
ETag
W/"622a9d1b-163a"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:10 GMT
i18n.min.js
threatpost.com/wp-includes/js/dist/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Mar 2022 00:51:39 GMT
Server
nginx
ETag
W/"622a9d1b-28a7"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:11 GMT
a11y.min.js
threatpost.com/wp-includes/js/dist/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/a11y.min.js?ver=68e470cf840f69530e9db3be229ad4b6
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Mar 2022 00:51:39 GMT
Server
nginx
ETag
W/"622a9d1b-bfd"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:11 GMT
jquery.json.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-730"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:11 GMT
gravityforms.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		43 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:45:59 GMT
Server
nginx
ETag
W/"6234a937-abe0"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:11 GMT
conditional_logic.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/conditional_logic.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-213f"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:11 GMT
placeholders.jquery.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Wed, 23 Mar 2022 08:53:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-121f"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 30 Mar 2022 08:53:11 GMT
apstag.js
c.amazon-adsystem.com/aax2/ 		134 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-173.fra56.r.cloudfront.net
Software
Server /
Resource Hash
3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
cDw9qPFdR3WLu_gch_nIk4UAdfcPuNG7
content-encoding
gzip
etag
4e3fad24a118a07cea7ce88b2721a583
age
829
x-cache
Hit from cloudfront
server
Server
x-amz-rid
0SCDTP3TTPE8CZB60Z1H
date
Wed, 23 Mar 2022 08:39:24 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
LYothz7nZoTSMvqpDwBtIOj-T-vRR9g2YnySrq2aRE6YCcaZcbMb9w==
connatix.player.dc.js
cds.connatix.com/p/155403/ Frame 897B
Redirect Chain
  • https://cd.connatix.com/connatix.player.js
  • https://cds.connatix.com/p/155403/connatix.player.dc.js
855 KB
199 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/155403/connatix.player.dc.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a5c6db4b3bc25eee635355573d9cbd9be7e8f40b0f56f350eafa8a0f0c0213b5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:09 GMT
content-encoding
br
last-modified
Tue, 22 Mar 2022 08:52:26 GMT
age
86173
etag
"ecf316b60f3b40672f84028062c804ab"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
203528

Redirect headers

location
https://cds.connatix.com/p/155403/connatix.player.dc.js
date
Wed, 23 Mar 2022 08:53:09 GMT
cache-control
no-cache, no-store, must-revalidate, max-age=0
accept-ranges
bytes
content-length
0
access-control-max-age
86400
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/155403/ Frame 897B 		0
47 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
content-encoding
br
last-modified
Tue, 22 Mar 2022 08:52:26 GMT
age
86173
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
/
kasperskycontenthub.com/ 		0
399 B 		Script
General
Check archive.org
Download Go to
Full URL
https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=1066022849&back=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:11 GMT
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
SAMEORIGIN
Connection
close
Content-Type
application/javascript
x-cache-hit
MISS
Transfer-Encoding
chunked
X-Debug-Auth
off
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Request-Host
kasperskycontenthub.com
X-XSS-Protection
1; mode=block
gtm.js
www.googletagmanager.com/ 		178 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dd374d780cdf98511afffc1e7c421d37fc59771b6317086c2d7f2bc4ca321f0f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60667
x-xss-protection
0
last-modified
Wed, 23 Mar 2022 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 23 Mar 2022 08:53:10 GMT
gtm.js
www.googletagmanager.com/ 		502 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5fa0e87692bef096dfd735b2c3d345eb9967633438beb7989a96009e9f480f19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118691
x-xss-protection
0
last-modified
Wed, 23 Mar 2022 07:39:36 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 23 Mar 2022 08:53:10 GMT
icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 		13 KB
13 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:11 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-328e"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
12942
icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 		13 KB
13 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:11 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-328e"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
12942
logo.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
public
date
Wed, 23 Mar 2022 08:53:10 GMT
via
1.1 021d8c03b9a9a9281489f9b9055209cc.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"6234a939-4a32"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
18994
x-amz-cf-id
kw7NNIF3v3iMhreW5q_dL10vFAC0ug2ug9yzxGJNPpK-LesCZEa4fg==
expires
Wed, 30 Mar 2022 08:53:10 GMT
museosans-700-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
via
1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"6234a939-51a4"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20900
x-amz-cf-id
EtLMHaAALABxh9zykhIYO6uwSupH43wuzzKPBur0N4yob66OLQd-Wg==
museosans-100-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
via
1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"6234a939-50c8"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20680
x-amz-cf-id
q9EJurp9zb1gKyiZTsl6N1jB6fRorIBHa5Haa_RjIqNC_R8F9UcRJQ==
museosans-300-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
via
1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"6234a939-51b8"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20920
x-amz-cf-id
TC8V6BVwraHqnZgIgh8UV67PuAo6RW8pkwEEdxzIxT-4zQOIZfFM-Q==
museosans-500-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
via
1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"6234a939-5194"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20884
x-amz-cf-id
IztiRqUtBxUKyVTpNnfuNB9Msxy2n5tTnMevjFvNeXbGJgD0QUMHIw==
avatar_def-60x60.png
media.threatpost.com/wp-content/uploads/sites/103/2021/06/10095238/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/10095238/avatar_def-60x60.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b19ed6f6f0d9f58ca899fb554fa2799f0dc313ea37ed6f5cb5bb226b6e901494

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 07 Jan 2022 02:54:31 GMT
via
1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront), 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
last-modified
Thu, 10 Jun 2021 13:54:04 GMT
server
AmazonS3
age
6501520
etag
"d99f14b242d6b0de008c150f840feaff"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
1821
x-amz-cf-id
k6R3i0G5PieYsit2hMZgvOK5jiN8_YSuWZqaWh189AKS_XBg9DydlA==
expires
Fri, 10 Jun 2022 13:54:03 GMT
mail-plane-light.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		828 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
via
1.1 021d8c03b9a9a9281489f9b9055209cc.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"6234a939-33c"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
828
x-amz-cf-id
KajdJMLn_BfRIYwEY8GRs_GTKIMYzgX8lO9SWIPBuk7KZKcpK5aGbw==
museosans-700italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
via
1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:00 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"6234a938-3dcc"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
15820
x-amz-cf-id
sSak4rQ3OoUyDtlmlBK-ARht73Q2F30MaUU9_gCR_Kg-okk8VCnUVA==
malware-download-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/10/05121235/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/10/05121235/malware-download-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0b53158fac1f17ebd5a4939bd127529b81b44c261bbf65506b151ccae4071617

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 00:51:27 GMT
via
1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront), 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
last-modified
Mon, 05 Oct 2020 16:12:38 GMT
server
AmazonS3
age
3657704
etag
"1c68adeae4917b89a73ad10abd2eec7d"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
19516
x-amz-cf-id
iNSso6mMMfyDZin5Kd7q7890l1v2_Nkz2tL1vtK5_6FVUwDlbCnLIA==
expires
Tue, 05 Oct 2021 16:12:37 GMT
ransomware-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/10/14114608/ 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/10/14114608/ransomware-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c6c4147f80da55b9177793bae26fb3124c29c619ba0029896e98af3038eff0c4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 31 Aug 2021 05:10:27 GMT
via
1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront), 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
last-modified
Wed, 14 Oct 2020 15:46:12 GMT
server
AmazonS3
age
17638963
etag
"ece4d3c40b67b0f0839f7ed23b15e0df"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
22053
x-amz-cf-id
CMb5oWwwWbcOE-A4WUnXgf0Jvdw1m6k5kKMl-XB9fhI5zz3YIPlrIw==
expires
Thu, 14 Oct 2021 15:46:11 GMT
14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 15:57:05 GMT
via
1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront), 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
last-modified
Tue, 01 Mar 2022 20:47:09 GMT
server
AmazonS3
age
1270566
etag
"502f5a6c66ba05c0831f656eb6cc29dd"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2, FRA53-C1
accept-ranges
bytes
content-length
2476
x-amz-cf-id
c0EFcZsub4xTHN0khJGaqtX7fK35aZfIZLzW6Bl5twSMDVERp4AbHA==
expires
Wed, 01 Mar 2023 20:47:08 GMT
checklist2-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/checklist2-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 18:49:28 GMT
via
1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront), 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
last-modified
Tue, 19 Oct 2021 14:09:44 GMT
server
AmazonS3
age
2210623
etag
"14bf40c9dffffaec5cd1337f170dac93"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
2112
x-amz-cf-id
WKbwY1Yz2WaFPSYk1VE5EmfjVFAFry-zAr7MVwsfTnsUg-ujJiVbXQ==
expires
Wed, 19 Oct 2022 14:09:43 GMT
5-Steps-For-Securing-Your-Remote-Work-Space-e1645021300212-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/09141032/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/09141032/5-Steps-For-Securing-Your-Remote-Work-Space-e1645021300212-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1f3d8b57f69b73694c38ba6bbf8ddc46c8a5e52db401795fa8ab80643e14236d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 21:12:50 GMT
via
1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront), 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
last-modified
Wed, 16 Feb 2022 14:21:42 GMT
server
AmazonS3
age
2288421
etag
"8d2fd78b5abc332b1098cc4de81608b9"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA53-C1
accept-ranges
bytes
content-length
1940
x-amz-cf-id
IAgpQUK-KAbwBjkt8aW4uz3AJ0ChpAx4As5It8v-umOl_9ozpe4nJg==
expires
Thu, 16 Feb 2023 14:21:40 GMT
nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 21:08:04 GMT
via
1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront), 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
last-modified
Wed, 29 Sep 2021 15:27:43 GMT
server
AmazonS3
age
3584707
etag
"6d0d1a22dbbe088376115135bb5be675"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
2337
x-amz-cf-id
Jg5J3mm8jCzxTy-MjW8_RkVFb_Lut5Es4FxrtWkInl3uFr1gZ3KF8w==
expires
Thu, 29 Sep 2022 15:27:42 GMT
Log4J_shell_thrpst-e1643986376319-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/Log4J_shell_thrpst-e1643986376319-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9c00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 18:59:05 GMT
via
1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront), 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
last-modified
Fri, 04 Feb 2022 14:52:59 GMT
server
AmazonS3
age
4024446
etag
"8b8e89e4e306930920312db10e2c0dbf"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
2455
x-amz-cf-id
oqr4fnq4lC3IsQf6SuGGoX6FPek6RQ_kkjIpanFKAa4SdxDowbSz9A==
expires
Sat, 04 Feb 2023 14:52:57 GMT
twitter-blue.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		868 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
via
1.1 021d8c03b9a9a9281489f9b9055209cc.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:00 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"6234a938-364"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
868
x-amz-cf-id
hLSbV0uRBh0sRhw3bSY1n58gxvFr6Va7UxPRiQO1KgwPswHZJ0PkHg==
player.css
cds.connatix.com/p/155403/ 		56 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/155403/player.css
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9310c3290722edb39dfc8e9065d9b52f8629a7d969e42868f0eac42b9b7edf3a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
content-encoding
br
last-modified
Tue, 22 Mar 2022 08:52:26 GMT
age
86174
etag
"a69488f3f35ac4bbb9526cd82833f6e9"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
8634
mail-plane-large-dark.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		812 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:10 GMT
via
1.1 021d8c03b9a9a9281489f9b9055209cc.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"6234a939-32c"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
812
x-amz-cf-id
HtknuWQQlFmHd8JJXc5qF13INJET4Hvfop6D1ORsTfKWaJrg3yJHOw==
logo-white.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
public
date
Wed, 23 Mar 2022 08:53:10 GMT
via
1.1 021d8c03b9a9a9281489f9b9055209cc.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:00 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"6234a938-260a"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
9738
x-amz-cf-id
AYWQE8kY3L58W4jO1_JWmI13KvfohW1DKDexALSG7iUMFirC8KiV8w==
expires
Wed, 30 Mar 2022 08:53:10 GMT
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 20:58:51 GMT
content-encoding
gzip
age
14903660
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
jhO5iwV7SkJcT9A73s19ty2y4nFSkwls357NeSAff8xX_gnyAJ39hQ==
bl-01880f1-a9073723.js
tagan.adlightning.com/math-aids-threatpost/ 		43 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-a9073723.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a440f79bde57295a7e4aca47491ccc4e78276e5fa6e45dcf6950b4505b73910d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 04:46:04 GMT
content-encoding
gzip
age
14827
x-cache
Hit from cloudfront
content-length
18321
x-amz-meta-git_commit
01880f1
last-modified
Wed, 23 Mar 2022 04:17:07 GMT
server
AmazonS3
etag
"67b38948668385d16e6c6a475993bd69"
x-amz-version-id
ipASxP7_QoCuXx_1kgV0xXHQdY1VBp66
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
nOi_k3dHiYMJ9i2kAXccyAyo9_rlHRQEaAA3e7s8soSHfRiu6o2Y6g==
pubads_impl_2022031601.js
securepubads.g.doubleclick.net/gpt/ 		365 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.201.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s01-in-f66.1e100.net
Software
sffe /
Resource Hash
5042f25c3eb1530880fa3b05325462c028492caf22141409999cdd7e6364b8ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 07:23:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5364
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126823
x-xss-protection
0
last-modified
Wed, 16 Mar 2022 08:34:12 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 23 Mar 2023 07:23:46 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		141 B
737 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=threatpost.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.201.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s01-in-f66.1e100.net
Software
cafe /
Resource Hash
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 23 Mar 2022 08:53:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
101
x-xss-protection
0
expires
Wed, 23 Mar 2022 08:53:10 GMT
pls
capi.connatix.com/core/ Frame 897B 		14 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/pls?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
84a5b63538c9d121742bdd65c64a29dfadef478bf3f634d5facf297d5011a6ca

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
fastly-original-body-size
0
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-max-age
86400
access-control-allow-credentials
true
accept-ranges
bytes
content-length
6217
config
c.amazon-adsystem.com/cdn/prod/ 		662 B
1018 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthreatpost.com&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-173.fra56.r.cloudfront.net
Software
Server /
Resource Hash
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:16:02 GMT
via
1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
server
Server
age
2227
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://threatpost.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
FRA56-C1
content-length
662
x-amz-cf-id
DlxjdOdrKzMfbt7mGyjDHlOFUFDsdMfQ7K7hk_flAOPPegKTM4KA3A==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-173.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
15185
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Thu, 17 Mar 2022 02:21:48 GMT
server
AmazonS3
date
Wed, 23 Mar 2022 05:01:46 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
qiW18oLtoYXe_wt12DwBb1LYx9CZ5E5xswCaHBdoSUM5qffRU4ZYJg==
vendor-list.json
qd.admetricspro.com/js/cmp2/ 		256 KB
37 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 31 May 2021 16:54:38 GMT
server
cloudflare
etag
W/"3ffae-5c3a314b5dcb2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VPr68IaZ%2Fi6aLGRDyfvGh6AQ7lW%2F764cdyD4dF64cSnOsmZWkzwi2vOh1kYEQj%2BmgTkFdV7k1Udhl%2Bvin%2B%2FDC4aNeLumjsFkXoxhzFXwr1ROhKmbT9jiaiqvM%2FuuPVqOOE6wK2wmoLMf28PoAMtqOKz0"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=600
cf-ray
6f05ef685cc03758-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Wed, 23 Mar 2022 09:03:11 GMT
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/ 		53 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.31.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-31-187.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
last-modified
Tue, 01 Jun 2021 17:06:57 GMT
server
Apache
etag
"d398-5c3b75e9ebb41-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
17087
expires
Wed, 23 Mar 2022 09:08:11 GMT
id5-api.js
cdn.id5-sync.com/api/1.0/ 		40 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.202.126 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cacheable
Matched cache
x-cdn-pop-ip
137.74.120.0/27
date
Wed, 23 Mar 2022 08:19:42 GMT
content-type
text/javascript;charset=utf-8
cache-control
max-age=3600
x-cdn-pop
sbg
content-disposition
attachment;filename="id5-api.js"
accept-ranges
bytes
content-length
11181
x-request-id
477660031
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
4701
date
Wed, 23 Mar 2022 07:34:50 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 23 Mar 2022 09:34:50 GMT
quant.js
secure.quantserve.com/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Wed, 30 Mar 2022 08:53:11 GMT
uwt.js
static.ads-twitter.com/ 		52 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3d2931b4c2530b3eb7be0d6a3f76160c8ade300ebbe9ded97aba80973b149351

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
last-modified
Tue, 22 Mar 2022 21:56:52 GMT
etag
"91eb408d013331970edc7ee2ce214534+gzip+gzip"
vary
Accept-Encoding,Host
x-tw-cdn
FT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
12516
x-served-by
cache-iad-kiad7000170-IAD, cache-fra19147-FRA
gtm.js
www.googletagmanager.com/ 		413 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
596040c64e8754089e1dcaed49da9be58ba538ede4879ca13ee0d78828bed19d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
107833
x-xss-protection
0
last-modified
Wed, 23 Mar 2022 07:36:12 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 23 Mar 2022 08:53:11 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/zLD1nfkNCJC1kEswSRdSyd-p/ 		360 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/zLD1nfkNCJC1kEswSRdSyd-p/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b7aaea908b866c1619b9bf156a002c22b717a771bf22d9a2965151f9cf969670
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:42:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
665
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
145350
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 04:02:07 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 23 Mar 2023 08:42:06 GMT
id
dpm.demdex.net/ 		368 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1648025591703
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.124.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-124-119.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
f9bf0a7c93552b516a12d0de482da5a5c0cca521bef71ee8bfa3961316e598f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-1-v030-0d2b4133c.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
qwJv8PitQyo=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
311
Expires
Thu, 01 Jan 1970 00:00:00 UTC
blockedDomains_7.bin
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame 897B 		117 B
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_7.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
212b40ce7f28d7399bd126ea5aca480c7c44c2034f30b3cad9572869903e4bd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
last-modified
Tue, 22 Mar 2022 20:21:47 GMT
age
44984
etag
"1bdfc507f9205d892ded18596961ada1"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
104
sr
capi-tier-1-us-east-2.connatix.com/tr/ Frame 897B 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/sr?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.60.0 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-60-0.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		82 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.201.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s01-in-f66.1e100.net
Software
sffe /
Resource Hash
08d1e9cd1cbc7d8d9af2d32a3fa74b62acb5b6dba1f3992f17393475dc986d52
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27970
x-xss-protection
0
server
sffe
etag
"1166 / 888 of 1000 / last-modified: 1648025023"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 23 Mar 2022 08:53:11 GMT
4_media.bin
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/ Frame 897B 		564 B
581 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/4_media.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
affff4f3ff5172af7bae54310f79b9fb990fba71ca0d6fa4531a5da12bc67e63

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
last-modified
Thu, 25 Feb 2021 19:24:19 GMT
age
67931
etag
"69b871caec6d6b564949ad6a3c8856cc"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
344
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 897B 		371 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e3f824116bf1ec3acc0dd7c003055cfb201ab314633e5874a4c4df752bfa018
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126251
x-xss-protection
0
expires
Wed, 23 Mar 2022 08:53:11 GMT
1.png
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
br
age
1820588
etag
"CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age
86400
fastly-io-info
ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/png
content-length
6487
localstore.js
script.4dex.io/ 		483 B
935 B 		Script
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
85032
x-amz-request-id
txcb277395650a4fbcbe1a5-00623993cb
x-amz-id-2
txcb277395650a4fbcbe1a5-00623993cb
last-modified
Tue, 22 Mar 2022 09:15:21 GMT
server
cloudflare
etag
W/"922cffdd75f7192f75231d92684885aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BZGod5nlr4LTuiubqbUUfYBfCsmUnfDTT9hMhweilVBb01paetyg9RXDLffALadEiNRXXUlMNru5nw94do2nlIPOYwmy19LDwLMqCkSx9OuvZnt7ASfuY0mXFnwWLOsPRpMtWEbrYb5iS5ln"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=1800
x-amz-version-id
1647940521027959
cf-ray
6f05ef6b4cdf3746-MXP
724.json
id5-sync.com/g/v2/ 		213 B
532 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/724.json
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.36.109.183 , France, ASN16276 (OVH, FR),
Reverse DNS
p08.id5-sync.com
Software
/
Resource Hash
45d975f40037989634e600e6197fa2aca146ea43ab225d8f7e47d918b1dbdd49
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://threatpost.com
Date
Wed, 23 Mar 2022 08:53:11 GMT
Access-Control-Allow-Credentials
true
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
bid
c.amazon-adsystem.com/e/dtb/ 		64 B
532 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&pid=jyAw8Q1sEUy5w&cb=0&ws=1600x1200&v=7.74.0&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-6794670-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-3%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-5%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-1%22%2C%22s%22%3A%5B%222x2%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-2x2-Skin%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-173.fra56.r.cloudfront.net
Software
Server /
Resource Hash
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
via
1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C1
x-amz-rid
0KC5N6XFY5SZVB98RW0Z
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
64
x-amz-cf-id
RYgQJtGwywiPJAXewPwaTiOE5B2kp_oewVyRhINzPwIe-VoZ8vyDVQ==
dest5.html
kaspersky.demdex.net/ Frame 0817 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://kaspersky.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.107.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-107-252.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
Content-Type
text/html;charset=UTF-8
date
Wed, 23 Mar 2022 08:53:11 GMT
DCS
dcs-prod-irl1-2-v030-0da722906.edge-irl1.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Tue, 15 Mar 2022 12:36:14 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
vary
accept-encoding
X-TID
QlXNJUrMR18=
transfer-encoding
chunked
Connection
keep-alive
id
kaspersky.d3.sc.omtrdc.net/ 		2 B
316 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=43773785847027393794548580237456872318&ts=1648025591950
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-7f6b754cd4-jsk8q
vary
Origin
x-c
main-1629.I879dac.M0-556
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
2
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=Yjrf9wAAAGHUlwP7
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=36674683789198166813550287922905169188
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yjrf9wAAAGHUlwP7
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yjrf9wAAAGHUlwP7
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
HTTP/1.1
Server
54.154.124.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-124-119.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v030-0cacb0317.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
LQkitroFQ20=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yjrf9wAAAGHUlwP7
Date
Wed, 23 Mar 2022 08:53:11 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 		236 B
564 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
via
1.1 021d8c03b9a9a9281489f9b9055209cc.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"6234a939-ec"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
236
x-amz-cf-id
Ff9BVU3Undm5yHns7h4WOVmZDwkTNRshKkiHUOPZd6-cisizICP1zg==
fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
via
1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"6234a939-12d68"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
77160
x-amz-cf-id
iAn8N0MYcZIov1tyJv7lDXwtcPSUQXZo_zQ9Wcw52f09W17wJJ_hgw==
v1
geo.ipify.org/api/ 		376 B
585 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geo.ipify.org/api/v1?apiKey=at_riPAQYz3EiQ6JhsH05bmtozma13RA
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.140.160.2 Ogden, United States, ASN18450 (WEBNX, US),
Reverse DNS
threatintelligenceplatform.com
Software
nginx /
Resource Hash
6c95865bdf42646146cd2475b0a8a4969d1588d6d95dd3ee39aeb824e36e2723
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:12 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, private
Transfer-Encoding
chunked
Connection
keep-alive
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/155403/ Frame 897B 		162 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
br
last-modified
Tue, 22 Mar 2022 08:52:26 GMT
age
86174
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
fastlane.json
fastlane.rubiconproject.com/a/api/ 		615 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%2CDanielHatheway%2CGhostRAT%2CJohnMatherly%2Cmalware%2Cmalwarecrawler%2CMalwaredetection%2CMalwareHunter%2CRATs%2CRecordedFuture%2Cremoteaccesstrojans%2CShodan&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=674c15f6-1e64-48d9-88c3-a851e90fb534&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5290207575576393
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
c6b6f00ee05a1c3c9a6b36fc360ae5b28f0c2ae93742d04c570b2860b7dd37ab

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:11 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
615
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		613 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%2CDanielHatheway%2CGhostRAT%2CJohnMatherly%2Cmalware%2Cmalwarecrawler%2CMalwaredetection%2CMalwareHunter%2CRATs%2CRecordedFuture%2Cremoteaccesstrojans%2CShodan&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=d6943812-d0ce-48c0-9a0e-aed4a9161c22&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6355428695272307
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
6a59b3b2b9adb8fdab08c5a194bed57c4dedc9e9e5f3f886fba7eb63be329602

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:11 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
613
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		613 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%2CDanielHatheway%2CGhostRAT%2CJohnMatherly%2Cmalware%2Cmalwarecrawler%2CMalwaredetection%2CMalwareHunter%2CRATs%2CRecordedFuture%2Cremoteaccesstrojans%2CShodan&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=dbe2185b-fbf2-4596-98e5-f961826decbf&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6877746087537102
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
40e2c6351168bf86a17a2468c0482dd8602696e5fed9cbc4da4c58f19e67f6c4

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:11 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
613
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		613 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%2CDanielHatheway%2CGhostRAT%2CJohnMatherly%2Cmalware%2Cmalwarecrawler%2CMalwaredetection%2CMalwareHunter%2CRATs%2CRecordedFuture%2Cremoteaccesstrojans%2CShodan&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=dbe2185b-fbf2-4596-98e5-f961826decbf&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9640122523607628
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
2059117e54e3b32c07d7c90c99de9a29e903b81c85ec64d800af3652c4de42d4

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:11 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
613
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
mp.4dex.io/ 		99 B
544 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c11ba090b410063c755ddd6a7023319e23ba732728f1b7467d5c2a9074b33103

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

cf-ray
6f05ef6c5c4e021d-ZRH
pragma
no-cache
date
Wed, 23 Mar 2022 08:53:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
x-warn
Selecting bids. No selected bids
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-encoding
gzip
server
cloudflare
expires
0
c
prebid.a-mo.net/a/ 		0
347 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Wed, 23 Mar 2022 08:53:11 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
219
vary
origin, Accept-Encoding
cygnus
htlb.casalemedia.com/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=438654&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22145412a5b320f2f%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F%22%2C%22ref%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F%22%2C%22domain%22%3A%22threatpost.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22threatpost.com%22%7D%2C%22keywords%22%3A%22Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%2CDanielHatheway%2CGhostRAT%2CJohnMatherly%2Cmalware%2Cmalwarecrawler%2CMalwaredetection%2CMalwareHunter%2CRATs%2CRecordedFuture%2Cremoteaccesstrojans%2CShodan%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A4%2C%22msi%22%3A4%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%225.17.0%22%2C%22userIds%22%3A%5B%22id5id%22%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2215647250e3b0739%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2216e7a039af81a9a%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22336x280%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22174048a587351a3%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-38-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d56518b04c5ed836ec77b2ab5cd502b4b53f341072449ec065a80dc3d8b3ee0f

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.30], XFF:[]
server
Apache
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
808
x-ak-client-geo
12
expires
Wed, 23 Mar 2022 08:53:11 GMT
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.121.26 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-121-26.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Wed, 23 Mar 2022 08:53:11 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
113 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.121.26 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-121-26.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Wed, 23 Mar 2022 08:53:11 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.121.26 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-121-26.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Wed, 23 Mar 2022 08:53:11 GMT
access-control-allow-credentials
true
vary
Origin
translator
hbopenbid.pubmatic.com/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Wed, 23 Mar 2022 08:53:10 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
adreq
ads.servenobid.com/ 		680 B
609 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/adreq?cb=1494
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.154.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-154-251.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
0aacd34f6a182c0b56a19a6aa9c1b751446377d88fc631ae282361fbd9da3814

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://threatpost.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
auction
tlx.3lift.com/header/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=5.17.0&referrer=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&tmax=1200
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.246.175 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-246-175.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
04359b624601ed5a59756d9b88168fe743d7720a2d446b20e0168e126b2f6680
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
accept-ch
sec-ch-device-memory,sec-ch-dpr,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ect,sec-ch-downlink,sec-ch-rtt,sec-ch-ua-arch,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-viewport-height,sec-ch-width,sec-ch-save-data
content-type
application/json; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
1289
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
arj
teachingaids-d.openx.net/w/1.0/ 		73 B
377 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=674c15f6-1e64-48d9-88c3-a851e90fb534%2C674c15f6-1e64-48d9-88c3-a851e90fb534%2Cd6943812-d0ce-48c0-9a0e-aed4a9161c22%2Cdbe2185b-fbf2-4596-98e5-f961826decbf%2Cdbe2185b-fbf2-4596-98e5-f961826decbf&nocache=1648025592123&id5id=0&pubcid=348ecf1e-fab5-4ba3-8309-9114aca09b75&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divids=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&aucs=%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
d74b681a36d8b36349fe6792610e52898762d4ef25e9bebef8346c27a5394f88

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
server
OXGW/17.2.1
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
78
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
291 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_728x90-atf&cmd=bid&eidid5-sync.com=0&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
cf3e0af34996fa015664fc06f5ace11387f23230f049d7262fb6b44ed00790e7

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x250-atf&cmd=bid&eidid5-sync.com=0&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
0671231fad499da37af091deceac9702ba44cca916f1627b542811ed43c497be

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x600-atf&cmd=bid&eidid5-sync.com=0&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
3fb80de836c28d0fa5a7ff018dc5f6280b6212df5817001900251f1cbfa0d113

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
v2
e.serverbid.com/api/ 		711 B
984 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
134.209.129.254 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Wed, 23 Mar 2022 08:53:11 GMT
access-control-allow-credentials
true
content-length
711
vary
Origin
content-type
application/json
bid
ap.lijit.com/rtb/ 		94 B
744 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.17.0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
df55b357ed0056f2363a6bb015036e7251bd01c320f8f544c8edae00a1467cd8

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 23 Mar 2022 08:53:11 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://threatpost.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
prebid
ib.adnxs.com/ut/v3/ 		46 KB
15 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
99fa487ff6a7f0b6d82e03ad41034c7ba1cb6c24a0f7d07c18976662d1a416d0
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 23 Mar 2022 08:53:11 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
49fe3d93-554a-439b-b1d4-a5d269728c82
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
mvo
tag.1rx.io/rmp/216477/0/ 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/216477/0/mvo?z=1r&hbv=5.17,2.1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Wed, 23 Mar 2022 08:53:11 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
724.json
id5-sync.com/g/v2/ 		213 B
532 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/724.json
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.36.109.183 , France, ASN16276 (OVH, FR),
Reverse DNS
p08.id5-sync.com
Software
/
Resource Hash
904dea2fcdbd8ecb335da751b9526073a48c967188262cf98d3729317567366d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://threatpost.com
Date
Wed, 23 Mar 2022 08:53:11 GMT
Access-Control-Allow-Credentials
true
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
rules-p-_7kVx0t9Jqj90.js
rules.quantcount.com/ 		2 B
354 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:c000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:13:29 GMT
via
1.1 c9ca35e5541827c5873bfdb59f015b20.cloudfront.net (CloudFront)
server
AmazonS3
age
2382
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
DUS51-P2
content-length
2
x-amz-cf-id
7C7jvzONLYp-CL-m19Lzobuc5gbSA51lxcPy9VDlINRaJsH-U-Xm6w==
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=88985980&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&ul=en-us&de=UTF-8&dt=Malware%20Hunter%20Crawls%20Internet%20Looking%20for%20RAT%20C2s%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1409895446&gjid=1569945625&cid=1699936158.1648025592&tid=UA-35676203-21&_gid=1581084601.1648025592&_r=1&gtm=2wg3e0PM29HLF&z=9100350
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=88985980&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&ul=en-us&de=UTF-8&dt=Malware%20Hunter%20Crawls%20Internet%20Looking%20for%20RAT%20C2s%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=1699936158.1648025592&tid=UA-35676203-21&_gid=1581084601.1648025592&gtm=2wg3e0PM29HLF&z=1544887877
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 00:22:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
30628
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
bridge3.506.0_en.html
imasdk.googleapis.com/js/core/ Frame 0405 		591 KB
192 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.506.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
974feb3b255709419aa9d75228aee116a3a57e4fec91ee42cdceea855b198530
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
196692
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 18 Mar 2022 20:25:13 GMT
expires
Sat, 18 Mar 2023 20:25:13 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 18 Mar 2022 20:22:23 GMT
content-type
text/html
age
390478
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
client.js
s0.2mdn.net/instream/video/ Frame 897B 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 23 Mar 2022 08:53:11 GMT
bridge3.506.0_en.html
imasdk.googleapis.com/js/core/ Frame CD8F 		591 KB
192 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.506.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
974feb3b255709419aa9d75228aee116a3a57e4fec91ee42cdceea855b198530
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
196692
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 18 Mar 2022 20:25:13 GMT
expires
Sat, 18 Mar 2023 20:25:13 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 18 Mar 2022 20:22:23 GMT
content-type
text/html
age
390478
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bridge3.506.0_en.html
imasdk.googleapis.com/js/core/ Frame 74F4 		591 KB
192 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.506.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
974feb3b255709419aa9d75228aee116a3a57e4fec91ee42cdceea855b198530
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
196692
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 18 Mar 2022 20:25:13 GMT
expires
Sat, 18 Mar 2023 20:25:13 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 18 Mar 2022 20:22:23 GMT
content-type
text/html
age
390478
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adagio.js
script.4dex.io/ 		72 KB
23 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3373dca69883fd4d5298c955d822359a23e9c3658b63e06b483e251c10024f21

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
84643
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-request-id
tx6f2ea791109f4903a1561-0062399424
x-amz-id-2
tx6f2ea791109f4903a1561-0062399424
last-modified
Tue, 22 Mar 2022 09:15:19 GMT
server
cloudflare
etag
W/"f6062b9ed3c12dab430d5d33afafadb4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ePpY9DS9g1RVZTnxr6YTPL06QUx8aQeBU6483Fgyu1JYI%2FplIfIBfWY650R5d1HuCSAT%2BHtC9FMRUaT6pJH5MLXHBvIqvDXFrAAkdybYwBNph9PMmFazhcmEivHWta8uMwVsPOeu%2F5BqfoXK"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800
access-control-allow-credentials
true
x-amz-version-id
1647940519211847
cf-ray
6f05ef6ddea43743-MXP
access-control-allow-headers
Authorization
adsct
analytics.twitter.com/i/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.10&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ae05c718-9ea8-4072-af9d-e21c127fbad0&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&tpx_cb=twttr.conversion.loadPixels
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time
102
date
Wed, 23 Mar 2022 08:53:12 UTC
cache-control
no-cache, no-store, max-age=0
server
tsa_o
x-connection-hash
dfbde6a2c52657b99fd2d92151e3a79429960594ea48d7cbe1960961354073ea
content-length
0
strict-transport-security
max-age=631138519
adsct
t.co/i/ 		43 B
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?type=javascript&version=2.0.10&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ae05c718-9ea8-4072-af9d-e21c127fbad0&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time
106
date
Wed, 23 Mar 2022 08:53:11 GMT
server
tsa_o
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
8fa8702fa6d695865c2fc358a5313624ee6c99542154373b9faed8cacdfb71af
content-length
43
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 0B05 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:11:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2524
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Wed, 23 Mar 2022 09:11:08 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 44B9 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:11:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2524
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Wed, 23 Mar 2022 09:11:08 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 9895 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:11:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2524
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Wed, 23 Mar 2022 09:11:08 GMT
ao
capi-tier-1-us-east-2.connatix.com/tr/ Frame 897B 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/ao?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.60.0 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-60-0.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
g
capi-tier-1-us-east-2.connatix.com/rtb/ Frame 897B 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-1-us-east-2.connatix.com/rtb/g?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.60.0 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-60-0.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
be89dc987b295bbe3aa422b18e9a5a7b5071743e80d64a0f803aeb94c2f1b364

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Wed, 23 Mar 2022 08:53:11 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
837
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
490 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&pid=jyAw8Q1sEUy5w&cb=1&ws=1600x1200&v=7.74.0&t=2000&slots=%5B%7B%22id%22%3A%22Amazon_400x225%22%2C%22mt%22%3A%22v%22%7D%5D&cfgv=1&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-173.fra56.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
via
1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C1
x-amz-rid
T5DS183QR5M3P8X4S66W
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
90GtBYPwYR6ru1bNwo_7DqNQEdOmlXjBXWotGc6S9OSKtmly_Mnw1Q==
ps
capi-tier-1-us-east-2.connatix.com/tr/ Frame 897B 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/ps?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.60.0 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-60-0.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
1_th.jpg
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fb0dcdaaeb7111c27b3087fa2317998bd05ea0c4bc1d169add4dcbe8bba4f48b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
br
age
75126
etag
"fcY2kU87VUnJVmokYr9+CVfAAdtvW7Hli8s/enmAjrA"
access-control-max-age
86400
fastly-io-info
ifsz=87337 idim=2560x1440 ifmt=jpeg ofsz=8320 odim=400x225 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
7911
prebid6.7.0-1.js
cds.connatix.com/p/plugins/ Frame C654 		456 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
084885652dacd1b70a7979e7631caa6fe5985a5c1b872c28dd890d9ea39cec3d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
br
last-modified
Wed, 09 Feb 2022 14:06:45 GMT
age
1892530
etag
"c647c6ead685f3c1b8ba4c8a5de1eb5a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
121193
collect
stats.g.doubleclick.net/j/ 		4 B
441 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35676203-21&cid=1699936158.1648025592&jid=1409895446&gjid=1569945625&_gid=1581084601.1648025592&_u=YEBAAEAAAAAAAC~&z=1191542941
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c03::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 23 Mar 2022 08:53:12 GMT
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=1699936158.1648025592&jid=1409895446&_u=YEBAAEAAAAAAAC~&z=2131873738
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=1699936158.1648025592&jid=1409895446&_u=YEBAAEAAAAAAAC~&z=2131873738
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
playlist.m3u8
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/413f1877-f5e7-43ec-9be1-f42536ca8431_/ Frame 897B 		309 B
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/413f1877-f5e7-43ec-9be1-f42536ca8431_/playlist.m3u8
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
gzip
last-modified
Thu, 25 Feb 2021 19:24:19 GMT
age
75079
etag
"8a966507b13615ecdc1330a4bc9dcfe1"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
164
pixel;r=551258774;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;uht=2;fpan=1;fpa=P0-686673234-1648025592820;pbc...
pixel.quantserve.com/ 		35 B
372 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=551258774;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;uht=2;fpan=1;fpa=P0-686673234-1648025592820;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;us_privacy=1---;ref=;d=threatpost.com;je=0;sr=1600x1200x24;dst=0;et=1648025592820;tzo=0;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2017%2F05%2F06225023%2Fmalwa%2Ctype.article%2Ctitle.Malware%20Hunter%20Crawls%20Internet%20Looking%20for%20RAT%20C2s%2Cdescription.A%20new%20crawler%20from%20Shodan%20and%20Recorded%20Future%20called%20Malware%20Hunter%20seeks%20out%20co%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
0.m3u8
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/413f1877-f5e7-43ec-9be1-f42536ca8431_/ Frame 897B 		608 B
339 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/413f1877-f5e7-43ec-9be1-f42536ca8431_/0.m3u8
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
58e2951cc7b1da5d75691227b26936001c5854209d2592d151803bfe03592cdf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
gzip
last-modified
Thu, 25 Feb 2021 19:24:18 GMT
age
75077
etag
"b99ee3d98f3e3b40e123cbdf8af0f2d3"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
248
c
prebid.a-mo.net/a/ Frame C654 		0
229 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Wed, 23 Mar 2022 08:53:12 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
215
vary
origin, Accept-Encoding
mvo
tag.1rx.io/rmp/216476/0/ Frame C654 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/216476/0/mvo?z=1r&hbv=6.7,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
mvo
tag.1rx.io/rmp/216475/0/ Frame C654 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/216475/0/mvo?z=1r&hbv=6.7,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
mvo
tag.1rx.io/rmp/233098/0/ Frame C654 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/233098/0/mvo?z=1r&hbv=6.7,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
openrtb
ads.adaptv.advertising.com/rtb/ Frame C654 		0
215 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.194.97.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-194-97-167.eu-central-1.compute.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
server
adaptv/1.0
Connection
keep-alive
content-length
0
content-type
application/json
translator
hbopenbid.pubmatic.com/ Frame C654 		0
115 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Wed, 23 Mar 2022 08:53:12 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cygnus
htlb.casalemedia.com/ Frame C654 		37 B
330 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=435871&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%2213d89a11fe7422e%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2214fa992d5ffd261%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%2C%22rid%22%3A%22fb88db07-fdcd-4cc2-806c-98a745f60a83%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220799785b-0b09-4bd7-9e0c-f6b0b6a89584%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-38-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f4af4128fc5aab9d5276da9d30a452f5a7ddca4e8230babdca0cd2abe0e3b416

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.30], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Wed, 23 Mar 2022 08:53:12 GMT
avjp
teachingaids-d.openx.net/v/1.0/ Frame C654 		106 B
127 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=ec829e15-d3d1-4792-97bc-4616c9a7d709&nocache=1648025592920&gdpr=0&pubcid=0799785b-0b09-4bd7-9e0c-f6b0b6a89584&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2Cfb88db07-fdcd-4cc2-806c-98a745f60a83%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882779&vwd=400&vht=225&aumfs=250
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
via
1.1 google
server
OXGW/17.2.1
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ Frame C654 		139 B
984 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
5c3afbf6dab5fbbeb2e281b49511fb98b6b6768745af2a5f29dae6465971396e
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:12 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
03c671c6-da49-4110-930a-e8ddc1177ff1
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ Frame C654 		139 B
984 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
29901ae7864cb7a6e4cfa5389d060445b2eafd37dd5a72ee31be4718c7b207d1
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:12 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
301a11d0-057f-4eee-994e-35d6a1f91088
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ Frame C654 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Wed, 23 Mar 2022 08:53:11 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
mvo
tag.1rx.io/rmp/233148/0/ Frame C654 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/233148/0/mvo?z=1r&hbv=6.7,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
avjp
teachingaids-d.openx.net/v/1.0/ Frame C654 		106 B
127 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=9d40eec1-60b2-4d06-9a95-4d288a19b921&nocache=1648025592935&gdpr=0&pubcid=0799785b-0b09-4bd7-9e0c-f6b0b6a89584&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2Cfb88db07-fdcd-4cc2-806c-98a745f60a83%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882778&vwd=400&vht=225&aumfs=250
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
via
1.1 google
server
OXGW/17.2.1
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
cygnus
htlb.casalemedia.com/ Frame C654 		37 B
330 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=435870&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%222709df1f06f1622%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2228ea184dc2073b7%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%2C%22rid%22%3A%22fb88db07-fdcd-4cc2-806c-98a745f60a83%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220799785b-0b09-4bd7-9e0c-f6b0b6a89584%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-38-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
095f52671e363414bb1d9038d5be6b484e53d5b7bc968d6d3a6d01d8d606b6ca

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.30], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Wed, 23 Mar 2022 08:53:12 GMT
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/413f1877-f5e7-43ec-9be1-f42536ca8431_/ Frame 897B 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/413f1877-f5e7-43ec-9be1-f42536ca8431_/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
446960d738c0cbc761a215d48853920b79bfd23568fd20ec0e06495b54dd01d6

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range
bytes=0-1361

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
last-modified
Thu, 25 Feb 2021 19:24:18 GMT
age
74969
etag
"f62421b665fa4bcb590a8744b82bf19b"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 0-1361/5239582
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
1362
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/413f1877-f5e7-43ec-9be1-f42536ca8431_/ Frame 897B 		669 KB
669 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/413f1877-f5e7-43ec-9be1-f42536ca8431_/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b77a28e8a0577938555b03d80158bdfdb945154afde9e0b460752f5f7db74c35

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range
bytes=1362-686151

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
last-modified
Thu, 25 Feb 2021 19:24:18 GMT
age
74969
etag
"f62421b665fa4bcb590a8744b82bf19b"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 1362-686151/5239582
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
684790
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=88985980&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&dp=%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&ul=en-us&de=UTF-8&dt=Malware%20Hunter%20Crawls%20Internet%20Looking%20for%20RAT%20C2s%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=875250025&gjid=444575245&cid=1699936158.1648025592&uid=43773785847027393794548580237456872318&tid=UA-63997723-2&_gid=1581084601.1648025592&_r=1&gtm=2wg3e0WZ7LJ3&cd14=no_locale&cd15=43773785847027393794548580237456872318&cd53=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F99.0.4844.51%20Safari%2F537.36&cd16=1699936158.1648025592&z=370228189
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
4702
date
Wed, 23 Mar 2022 07:34:50 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 23 Mar 2022 09:34:50 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba08 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:12 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 23:45:34 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=19031
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3104
js
www.googletagmanager.com/gtag/ 		90 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-9582686
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0b2215661876465567473cdfc2ad534891b6ce782284c645b983a07986b75581
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36808
x-xss-protection
0
last-modified
Wed, 23 Mar 2022 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 23 Mar 2022 08:53:12 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-63997723-2&cid=1699936158.1648025592&jid=875250025&uid=43773785847027393794548580237456872318&gjid=444575245&_gid=1581084601.1648025592&_u=aEDAAEABAAAAAC~&z=1339765442
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c03::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 23 Mar 2022 08:53:12 GMT
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		209 KB
60 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3673923865843917&correlator=3425074335060062&eid=31065486%2C31065007%2C31063247&output=ldjh&gdfp_req=1&vrg=2022031601&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&iu_parts=22404337467%3A21707124336%2Cthreatpost-970x250-ATF%2Cthreatpost-300x250-ATF%2Cthreatpost-300x600-ATF%2Cthreatpost-2x2-Skin%2Cthreatpost-AdX-Interstitial&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2%2C1x1&ifi=1&adks=4166723991%2C1414505084%2C1356251026%2C3771495681%2C2643643476&sfv=1-0-38&ecs=20220323&ists=1&fas=0%2C0%2C0%2C0%2C8&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26hb_adid_triplelift%3D6543fc701a14e43%26hb_bidder_triplelift%3Dtriplelift%26hb_adid_appnexus%3D66e685cfd6cb095%26hb_bidder_appnexus%3Dappnexus%26dyn_bids%3D0.02%26hb_adid%3D6543fc701a14e43%26hb_bidder%3Dtriplelift%7Camznbid%3D2%26amznp%3D2%26hb_adid_appnexus%3D67959eb061ceba5%26hb_bidder_appnexus%3Dappnexus%26dyn_bids%3D0.01%26hb_adid%3D67959eb061ceba5%26hb_bidder%3Dappnexus%7Camznbid%3D2%26amznp%3D2%26hb_adid_appnexus%3D68425b4e628010f%26hb_bidder_appnexus%3Dappnexus%26hb_adid_ix%3D644e1c3d857f4eb%26hb_bidder_ix%3Dix%26dyn_bids%3D0.02%26hb_adid%3D68425b4e628010f%26hb_bidder%3Dappnexus%7Camznbid%3D2%26amznp%3D2%7C&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fmalware-hunter-crawls-internet-looking-for-rat-c2s%252F125360%252F%26urlquery%3Dgoogfc%26contentid%3D125360%26category%3Dmalware-2%26contenttags%3Ddaniel-hatheway%252Cghostrat%252Cjohn-matherly%252Cmalware%252Cmalware-crawler%252Cmalware-detection%252Cmalware-hunter%252Crats%252Crecorded-future%252Cremote-access-trojans%252Cshodan&sc=1&cookie_enabled=1&abxe=1&dt=1648025593068&lmt=1648025593&dlt=1648025589924&idt=1979&biw=1600&bih=1200&adxs=436%2C1082%2C1082%2C0%2C-9&adys=8%2C166%2C1187%2C8%2C-9&oid=2&ucis=1%7C2%7C3%7C4%7C5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x0%7C300x0%7C300x0%7C1600x0%7C0x-1&msz=728x0%7C300x0%7C300x0%7C1600x0%7C0x-1&fws=0%2C0%2C0%2C0%2C2&ohw=0%2C0%2C0%2C0%2C0&ga_vid=1699936158.1648025592&ga_sid=1648025593&ga_hid=88985980&ga_fc=true&btvi=0%7C0%7C0%7C0%7C-1&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.201.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s01-in-f66.1e100.net
Software
cafe /
Resource Hash
c366739857e0e96300b414d273c43e63595c5c1a655452348ff9b6079480893d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:13 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61013
x-xss-protection
0
google-lineitem-id
-1,-1,-1,-2,-1
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,-1,-1,-2,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022031601&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06de0169b6efd73f4d3d807fbd3deadd9cd4ae75b8f8e83852d7b1b420c20eef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10542
x-xss-protection
0
container.html
1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0814 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Wed, 23 Mar 2022 08:53:12 GMT
expires
Thu, 23 Mar 2023 08:53:12 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
pubads_impl_page_level_ads_2022031601.js
securepubads.g.doubleclick.net/gpt/ 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022031601.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.201.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s01-in-f66.1e100.net
Software
sffe /
Resource Hash
36d48b0e122a1698e9501ed19b684dbc79d0e754d3ce390183d9f21433fb82eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 17 Mar 2022 05:44:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
529702
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13275
x-xss-protection
0
last-modified
Wed, 16 Mar 2022 08:34:12 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 17 Mar 2023 05:44:50 GMT
g
capi-tier-1-us-east-2.connatix.com/rtb/ Frame 897B 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-1-us-east-2.connatix.com/rtb/g?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.60.0 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-60-0.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=1699936158.1648025592&jid=875250025&_u=aEDAAEABAAAAAC~&z=1718998887
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=1699936158.1648025592&jid=875250025&_u=aEDAAEABAAAAAC~&z=1718998887
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 23 Mar 2022 08:53:12 GMT
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1648025593144&url=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1648025593144%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fmalwa...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1648025593144&url=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1648025593144&url=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&liSync=true&e_ipv6=AQL...
0
266 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1648025593144&url=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&liSync=true&e_ipv6=AQLZljUj00Q-MQAAAX-1-uVHhbixLwVYACL1pYvNt2o0ddxIZHbTf0AbNLOaYUZI0WM0boX3V7rKLRdkyB__5mcRZhuX
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 67E5C543BE744666BD907D63F42C65CC Ref B: FRAEDGE0807 Ref C: 2022-03-23T08:53:13Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXa3twYGQxp6SAAubFS5w==
x-li-fabric
prod-lva1

Redirect headers

date
Wed, 23 Mar 2022 08:53:12 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: A1C57A63140140C7A521761414BB61B5 Ref B: VIEEDGE3308 Ref C: 2022-03-23T08:53:13Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1648025593144&url=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&liSync=true&e_ipv6=AQLZljUj00Q-MQAAAX-1-uVHhbixLwVYACL1pYvNt2o0ddxIZHbTf0AbNLOaYUZI0WM0boX3V7rKLRdkyB__5mcRZhuX
x-li-proto
http/2
content-length
0
x-li-uuid
AAXa3twPRALvZvJDteD5fw==
js
www.googletagmanager.com/gtag/ 		171 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3df6841ce94cb68930c33babed8cffa02381f76ad02624ca61f0cd00ec52a81e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
64528
x-xss-protection
0
expires
Wed, 23 Mar 2022 08:53:12 GMT
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/413f1877-f5e7-43ec-9be1-f42536ca8431_/ Frame 897B 		614 KB
614 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ec81e931-eac8-4b1a-b28c-19f27db7b253/413f1877-f5e7-43ec-9be1-f42536ca8431_/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6500d7a0dc9943c702e2cd2f97cf3e07117407fad545bc7a7e2b97088d4f8692

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range
bytes=686152-1314701

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
last-modified
Thu, 25 Feb 2021 19:24:18 GMT
age
74970
etag
"f62421b665fa4bcb590a8744b82bf19b"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 686152-1314701/5239582
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
628550
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2B13 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Wed, 23 Mar 2022 08:39:59 GMT
expires
Thu, 23 Mar 2023 08:39:59 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
793
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 36EB 		783 B
532 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c61539bd8825c858c738117d09f38aabcb3d229f55d6c2f0d9590f5147a30b5e
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-sIYsdpHadqbB9mus//UvHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Wed, 23 Mar 2022 08:53:12 GMT
date
Wed, 23 Mar 2022 08:53:12 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-sIYsdpHadqbB9mus//UvHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
510
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
activityi;dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-...
9582686.fls.doubleclick.net/ Frame 8D39
Redirect Chain
  • https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunte...
  • https://9582686.fls.doubleclick.net/activityi;dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=...
780 B
532 B 		Document
General
Check archive.org
Download Go to
Full URL
https://9582686.fls.doubleclick.net/activityi;dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;u6=;u7=43773785847027393794548580237456872318-1699936158.1648025592;u9=_malware-hunter-crawls-internet-looking-for-rat-c2s_125360_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f6.1e100.net
Software
cafe /
Resource Hash
a33791a01b7980d9b9a88a3e5c7bac125fff41fe237c092761fbb39a28764e29
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
about:blank

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 23 Mar 2022 08:53:12 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
507
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 23 Mar 2022 08:53:12 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://9582686.fls.doubleclick.net/activityi;dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;u6=;u7=43773785847027393794548580237456872318-1699936158.1648025592;u9=_malware-hunter-crawls-internet-looking-for-rat-c2s_125360_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
collect
www.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-YP1JLG57CH&gtm=2oe3e0&_p=88985980&sr=1600x1200&ul=en-us&cid=1699936158.1648025592&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&dt=Malware%20Hunter%20Crawls%20Internet%20Looking%20for%20RAT%20C2s%20%7C%20Threatpost&sid=1648025593&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.pageType=other&ep.businessType=b2c&ep.siteType=Default&ep.siteClass=Websites&ep.siteLocale=%5BNULL%5D&ep.pageName=websites%20%3E%20malware-hunter-crawls-internet-looking-for-rat-c2s%2F125360&ep.campaign=&ep.acCampaignId=&ep.omnitureVisitorId=43773785847027393794548580237456872318
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:12 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mq
capi-tier-1-us-east-2.connatix.com/tr/ Frame 897B 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/mq?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.60.0 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-60-0.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Wed, 23 Mar 2022 08:53:12 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
sodar
pagead2.googlesyndication.com/pagead/ Frame 36EB 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022031601&jk=3673923865843917&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
pagead2.googlesyndication.com/bg/ Frame 2B13 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27fab14198ee501fee429ec1be7048d0af1ae5ee2b24a7478729118914c2c726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:38:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
899
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13888
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 23 Mar 2023 08:38:13 GMT
s42641623255522
kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/ 		43 B
244 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/s42641623255522?AQB=1&ndh=1&pf=1&t=23%2F2%2F2022%208%3A53%3A13%203%200&mid=43773785847027393794548580237456872318&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=websites%20%3E%20malware-hunter-crawls-internet-looking-for-rat-c2s%2F125360&g=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&cc=USD&ch=websites&server=threatpost.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=other&c3=b2c&v3=websites%20%3E%20malware-hunter-crawls-internet-looking-for-rat-c2s%2F125360&v9=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&c20=url&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20220317%3A287%3ANextGen%3A%5BNULL%5D&c31=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Websites&c57=%5BNULL%5D&v57=D%3Dc57&c58=Malware%20Hunter%20Crawls%20Internet%20Looking%20for%20RAT%20C2s%20%7C%20Threatpost&v71=v1%3APage%20View%3A%5BNULL%5D&v113=43773785847027393794548580237456872318&v116=1699936158.1648025592&v125=0.6511754912105747_1648025591705&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:13 GMT
x-content-type-options
nosniff
x-c
main-1629.I879dac.M0-556
p3p
CP="This is not a P3P policy"
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Thu, 24 Mar 2022 08:53:13 GMT
server
jag
xserver
anedge-7f6b754cd4-6vgt2
etag
3539108013566361600-4619722418218467681
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Tue, 22 Mar 2022 08:53:13 GMT
dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-int...
adservice.google.com/ddm/fls/i/ Frame 336E 		779 B
530 B 		Document
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;u6=;u7=43773785847027393794548580237456872318-1699936158.1648025592;u9=_malware-hunter-crawls-internet-looking-for-rat-c2s_125360_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F
Requested by
Host: 9582686.fls.doubleclick.net
URL: https://9582686.fls.doubleclick.net/activityi;dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;u6=;u7=43773785847027393794548580237456872318-1699936158.1648025592;u9=_malware-hunter-crawls-internet-looking-for-rat-c2s_125360_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5619110a07afdd4cfd402a61b90d39bcacf0e30828f102e0f47b2798963df26b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://9582686.fls.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 23 Mar 2022 08:53:13 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
507
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
generate_204
tpc.googlesyndication.com/ Frame 2B13 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?lgCNMw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-int...
adservice.google.de/ddm/fls/i/ Frame E318 		194 B
199 B 		Document
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/ddm/fls/i/dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;u6=;u7=43773785847027393794548580237456872318-1699936158.1648025592;u9=_malware-hunter-crawls-internet-looking-for-rat-c2s_125360_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CKr8seDt2_YCFUSwUQoddgEPEQ;src=9582686;type=globalc;cat=globa0;ord=6281985282534;gtm=2od3e0;auiddc=1351215056.1648025593;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F;u6=;u7=43773785847027393794548580237456872318-1699936158.1648025592;u9=_malware-hunter-crawls-internet-looking-for-rat-c2s_125360_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adservice.google.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 23 Mar 2022 08:53:13 GMT
expires
Wed, 23 Mar 2022 08:53:13 GMT
cache-control
private, max-age=0
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
177
x-xss-protection
0
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
bl-01880f1-a9073723.js
tagan.adlightning.com/math-aids-threatpost/ Frame 49AC 		43 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-a9073723.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a440f79bde57295a7e4aca47491ccc4e78276e5fa6e45dcf6950b4505b73910d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 04:46:04 GMT
content-encoding
gzip
age
14830
x-cache
Hit from cloudfront
content-length
18321
x-amz-meta-git_commit
01880f1
last-modified
Wed, 23 Mar 2022 04:17:07 GMT
server
AmazonS3
etag
"67b38948668385d16e6c6a475993bd69"
x-amz-version-id
ipASxP7_QoCuXx_1kgV0xXHQdY1VBp66
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
iFTu8oyCnwQuqDkQeBlLTnKniYYiuAvpzP1pQLL5Kjs1Tpi3p9r_tA==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 49AC 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 20:58:51 GMT
content-encoding
gzip
age
14903663
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
TRMk03Y3Ctph5vZ170DcpB8JiiYkh4XGa-zQYTWXEaS8Qi8_Gl6dig==
bl-01880f1-a9073723.js
tagan.adlightning.com/math-aids-threatpost/ Frame 2038 		43 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-a9073723.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a440f79bde57295a7e4aca47491ccc4e78276e5fa6e45dcf6950b4505b73910d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 04:46:04 GMT
content-encoding
gzip
age
14830
x-cache
Hit from cloudfront
content-length
18321
x-amz-meta-git_commit
01880f1
last-modified
Wed, 23 Mar 2022 04:17:07 GMT
server
AmazonS3
etag
"67b38948668385d16e6c6a475993bd69"
x-amz-version-id
ipASxP7_QoCuXx_1kgV0xXHQdY1VBp66
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
K-6Kn1ZWq52WfEekZiX0GICokM1J3THTQplxlMereMCGIxZlylD1kQ==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 2038 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 20:58:51 GMT
content-encoding
gzip
age
14903663
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
z4q5G_bGvn1EskccCqMPT-ixA_4wQ7OlHqHBcR3PdUDKxo03MvMbcg==
container.html
1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 761F 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Wed, 23 Mar 2022 08:53:12 GMT
expires
Thu, 23 Mar 2023 08:53:12 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
content-type
text/html
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
container.html
1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A68A 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Wed, 23 Mar 2022 08:53:12 GMT
expires
Thu, 23 Mar 2023 08:53:12 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
content-type
text/html
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bl-01880f1-a9073723.js
tagan.adlightning.com/math-aids-threatpost/ Frame 761F 		43 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-a9073723.js
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a440f79bde57295a7e4aca47491ccc4e78276e5fa6e45dcf6950b4505b73910d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 04:46:04 GMT
content-encoding
gzip
age
14830
x-cache
Hit from cloudfront
content-length
18321
x-amz-meta-git_commit
01880f1
last-modified
Wed, 23 Mar 2022 04:17:07 GMT
server
AmazonS3
etag
"67b38948668385d16e6c6a475993bd69"
x-amz-version-id
ipASxP7_QoCuXx_1kgV0xXHQdY1VBp66
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
dNo__hvqeZS07dubAuTfuqnOHMbv4J1MAggCeE1UROKbRG0kV4YWOA==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 761F 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 20:58:51 GMT
content-encoding
gzip
age
14903663
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
nEzizfuOdlChUmWEAlXncNMA0ka9UOK-uPvcRDLJ4AqcDEo_Yqp1Mw==
gen_204
pagead2.googlesyndication.com/pagead/ Frame 761F 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BHKXge9kphfrolKVV3zn9jVLLAsZcDTNOo6kjfKpwyNXNOQllMuLHSud9XoORsbQhXwyKxjnXoUbSNFyGzjym3kjV0ioOK5vh-uhUymg07v6R_Teo
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
i
mmtro.com/ Frame 761F 		48 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mmtro.com/i?tagid=6578419-618e518edf188755801a3f7f8b641bb7&idc=124142&rtgdsp=dv360&rtgoid=26781168&rtgpidc=&rtgaid=ABAjH0iSz6svL5MAGQAtWSj4YKrT&rtgseid=&rtgcpid=16256653614&rtgcid=407154832&rtgexid=1&rtgpid=1&rtgsid=48482677309&rnd=1648025592724703&gdpr_consent=&u=https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.66.82.41 Paris, France, ASN197205 (MERCIS-AS, FR),
Reverse DNS
mmtro.com
Software
fdb141453c85e6bc89a824a70a7bfd71a273b947 /
Resource Hash
2c366efc13702d5bf379b6d5d072ff66fe1d602a6c3185ddd6d6009390fea0f5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:09 GMT
server
fdb141453c85e6bc89a824a70a7bfd71a273b947
p3p
policyref="https://mmtro.com/w3c/p3p_mmtro.xml", CP="ALL DSP LAW CUR TAIi PSAi PSDi IVAi IVDi OUR BUS UNI"
x-rid
623adff9203e81ee2ebb645e
cache-control
no-store, no-cache, private
content-type
image/gif
content-length
48
expires
Wed, 23 Feb 2000 00:00:01 GMT
tfav_adl_44.js
j.adlooxtracking.com/ads/js/ Frame 761F 		64 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://j.adlooxtracking.com/ads/js/tfav_adl_44.js
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
37.187.27.147 , France, ASN16276 (OVH, FR),
Reverse DNS
js12.adlooxtracking.com
Software
nginx/1.15.8 /
Resource Hash
78ba6bd2efa79d34a907d6b84276e1493803b29b72e9985afe618deea1fb518b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:13 GMT
Last-Modified
Tue, 14 Dec 2021 10:16:41 GMT
Server
nginx/1.15.8
ETag
"61b86f09-ffc6"
Content-Type
application/javascript
Cache-Control
no-cache, max-age=60
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
65478
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 761F 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/window_focus_fy2019.js
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:04:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2919
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 06 Apr 2022 08:04:35 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 761F 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 23 Mar 2022 08:53:13 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 761F 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:04:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2908
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6407
x-xss-protection
0
server
cafe
etag
6055885685211612390
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 06 Apr 2022 08:04:45 GMT
l
www.google.com/ads/measurement/ Frame 761F 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQDJXHjXYQnF0xldHOZxjr2CthxLpcJEtYm1GFx230tY-FwRsVKlCqekVulyAzm78Wkj-t1jVvbBdLBVjMZFBChfM4B_Q
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
bl-01880f1-a9073723.js
tagan.adlightning.com/math-aids-threatpost/ Frame A68A 		43 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-a9073723.js
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a440f79bde57295a7e4aca47491ccc4e78276e5fa6e45dcf6950b4505b73910d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 04:46:04 GMT
content-encoding
gzip
age
14830
x-cache
Hit from cloudfront
content-length
18321
x-amz-meta-git_commit
01880f1
last-modified
Wed, 23 Mar 2022 04:17:07 GMT
server
AmazonS3
etag
"67b38948668385d16e6c6a475993bd69"
x-amz-version-id
ipASxP7_QoCuXx_1kgV0xXHQdY1VBp66
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
kkgfvynXYNEKw5d5DYdluLS1jW1se3k1glY92Lc4vnYVu2ExEcyviw==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame A68A 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 20:58:51 GMT
content-encoding
gzip
age
14903663
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
08fCZrJM-Jsd-C22WUzZwe3LpeYTCEkckxKCySoIXmRQ9CPe9yrgtg==
css2
fonts.googleapis.com/ Frame A68A 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 23 Mar 2022 07:08:24 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 23 Mar 2022 08:53:13 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 23 Mar 2022 08:53:13 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/elements/html/ Frame A68A 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1dfe85a37ae1c79d3e9c52ef1ab91df405010640520a5ee23947929a91345b55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:39:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
827
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8384
x-xss-protection
0
server
cafe
etag
9346545009329832778
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 06 Apr 2022 08:39:26 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022031601&jk=3673923865843917&bg=!mJulm9_NAAba2mK92to7ACkAdvg8WgD3DCxNKz7M7ZXu4qBmxm2cjqLxvoc9U4USzDvWse_zUsIyXwIAAACBUgAAAAJoAQcKADBln-2SCw49z-3YYQ3QesR7ndTt9mM0Lpbc3OEwHyH3i6SM068YXzYrEEAMJSZyaFOZAsk9995o06zicu2m6Yjdq6Cmu85kJ8dZcDef5yGslb-7q23PC6vib2OUfi8duDrs60jZF2lFvsEFtemG06XWxjFwZZGA8DHtyNq3a06NdvQmqKh9VOTtz-I--rA1Nu26h2EfdcsWbCqFpW7lFY4x7OQRV0BqhCHg8KJt44_hrSQUBLTfxXPXrHqJfE5NFV-CvCquGd8XUotzgGiTPK7qkcwAA_WMYwyrJCMPNGCcldNeGLDLaVCI60TzGSof2uktzQHFQ2R3uJgZWuzuQzfNmBtL4aularBCkw7XcFFsizWGjzSzskuP6YadCGpUzp_0lgC-WfFKkDLqSLLe__RSaG0gHrvS7gSZ8pRI0khUhpDBEDQknxGDbyeLT9etRHvLleH3LoHSQrq5_I7k-IFxoDbJa6JABTtQc2SGAvM2Z1scjkGBNngLKdlDIKSWQrwFmd2wNsfeozHn539JIg3v68Dhefk8Y8L1MUJH0dpKuw7mPrO50q7bddcBAEW1Ag6A0y9XQQvbYN0ImOsL-4H-kx-1pFPj9WH0q7dt3fUhzA5JOt4ayeDvoGVSk2kVOU0OlOi6pKw8ZckNiSxcmyF0Fdrl-4X3BJafkYvX3rTr5QOgWIEhqZSda8pf5AxBWbAJASr3lU7UjZsX9sKNgA3g-_n3lhzO7JsLHjTmhmvsmLVJdyNBD9_9StwhnAlqNkvzGwuqhBFsgDfTToqe_f0PfF4B22DQ08c2S113paVJIpKGnSkt6gpeBv7r-XrSCysJkJvu1oRCoOmKZnLb-nCNZ1RgS55JIUyjAx39c3Ou7m6QLIFe1CDRtYhEOl8zYeB9bfjuRzaE6l5Dxe7o_CRi8pkT6opl54WkWTw5xS9enh9kRIB2S9hut0GKa_Nc78Obsob3QEkvgPhrPVpodlrBQItCylAbWvoWW6Y85SHwzFcDOXj53EXLvkKIQQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012203150226000/ Frame 2038 		222 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
142967
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62084
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"fa1474a6dd6481f4"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 2038 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
142967
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5728
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d91e62368f79b48d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 2038 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-analytics-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
142967
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29618
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9a9baa9802fa29d2"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 2038 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-fit-text-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
142967
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1900
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"3393210d007db9ca"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 2038 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-form-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
142967
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13669
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"565eca32a909292d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
css
fonts.googleapis.com/ Frame 2038 		6 KB
670 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 23 Mar 2022 08:48:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 23 Mar 2022 08:53:13 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 23 Mar 2022 08:53:13 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 2038 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
83495
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Wed, 23 Mar 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 2038 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
82808
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Wed, 23 Mar 2022 09:53:05 GMT
l
www.google.com/ads/measurement/ Frame 2038 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQkQ23P8-lvi3qPIDAMKNq6z1KYKT32gICDWAFEdQxdPqKNzZDiLc64kCRR0yWaw1qDolEkZqX2KEva8HIDvJbYvcafLg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
adview
securepubads.g.doubleclick.net/pagead/ Frame 2038 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CzhlC-N86Yt6dLNmzgAedgpzAD_mus5Zp7K6bkbcOz-e6_6kbEAEg-ZvxhAFg-4GAgJQKoAGr1bS7AsgBCeACAKgDAcgDCqoEqAJP0IFAQfLWYDWJfI3lKbWtoEevuvRl_WgoBv1ie9RNLqaT78D1objZW29gOliyIUScO_62_xYpl7476Gv6ZuPrDqr14gB-2VuKK0-l-hFYZmW08bsLGV2f-C-SQKGLm7BpafrdaCV6yjxDA2P-7lZHaXlymcjzHr0CjYgz0o4nMnQXuKwWzAFGPI8ESZzLHNPi--LmLgp53FPwEvo6iugJsoA_z8Iwt1W9tX40VWkb6B3smpRjYY0gBm3_WeUWaoK7JfL95-hu1GSxsgB9kGXVlFpAyZiIKkqPvVAtRv64804V7aMk-fuiO_iurjLYLs7wXuNYUkijFMHLCV9kY3JgIh57qi364Rj1HQpb6rqFNuNUmjrqPtwnyLycoRafy8H9N7_dskTMO8AEmcTyl5ID4AQBkgUECAQYAZIFBAgFGASgBi6AB_6i-t4BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQwIIP0ggHCIhhEAEYHYAKA8gLAdgTDNAVAZgWAYAXAbIXHgocCAASFHB1Yi00MTEzNjgxODgyMzExNDU1GITbew&sigh=p7v0DSuKjlk&uach_m=[UACH]&template_id=484
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.201.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s01-in-f66.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012203150226000/ Frame 49AC 		222 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
142967
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62084
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"fa1474a6dd6481f4"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 49AC 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
142967
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5728
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d91e62368f79b48d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 49AC 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-analytics-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
142967
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29618
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9a9baa9802fa29d2"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 49AC 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-fit-text-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
142967
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1900
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"3393210d007db9ca"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 49AC 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-form-0.1.mjs
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
142967
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13669
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"565eca32a909292d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
css
fonts.googleapis.com/ Frame 49AC 		6 KB
669 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=en
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 23 Mar 2022 07:51:20 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 23 Mar 2022 08:53:13 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 23 Mar 2022 08:53:13 GMT
css
fonts.googleapis.com/ Frame 49AC 		4 KB
618 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500&text=
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 23 Mar 2022 08:50:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 23 Mar 2022 08:53:13 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 23 Mar 2022 08:53:13 GMT
17804177247281557044
s0.2mdn.net/simgad/ Frame 49AC 		913 KB
913 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/17804177247281557044
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
86fdc32a64560114e795e92ee856d31e4883ded41406d680e152c27980092cf2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 17 Mar 2022 07:08:52 GMT
x-content-type-options
nosniff
age
524661
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
935205
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 04:16:58 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Mar 2023 07:08:52 GMT
1907127112164312716
s0.2mdn.net/simgad/ Frame 49AC 		27 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/1907127112164312716
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2da64b94dc40ee29ad81c7f1a48b37562a45151f71b227fd9234f2352f3b347f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 17 Mar 2022 07:06:17 GMT
x-content-type-options
nosniff
age
524816
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27868
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 04:17:23 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Mar 2023 07:06:17 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 49AC 		42 B
533 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BdeDr5sMsZjg_AXPFIDITbdd2KOsDKWihSqbY_qHq0jAvtjV1kqJXbxpxIxkA42IrnNhGMlf15sUH49k46oxPGgR6yX78IeUlk2bkr-d674jIRH9IjjbfPMGfPxQ_F_3pTTIXj7UGPaY_N7lQ-oJr29DPLgg&dbm_d=AKAmf-BvreEl5D6Zw9tErg66QlJRnMZ_6CI9dV5ScaWxJuj5Kk2Bf4XTTxE6HWH3yzSp3PT3ss2z1l8GkyDC78uIHR8yOdh0J-xCBOUe0k7_3qQSLeehyG4rH4GW-NJyfbGbj3SDPgs9RvOSiyAtnq-47fGUh-yb6T9ztmufHpV_TjjM2kITyRtCm3mTHuXPrGeINnIZufQ3BqSf9R0rHZ9B7zTrJ2IulH8K3t_G5_Xf58RMoDp-BA_r932L-faao2j70bS08CaC3HD8Z1sSHT1bs6mHd89UkCh4S1nqM2o1rRMlnJrz2bQSS_754FfGFx8RtgMDVYVa-lJNGnTpHOcP4BMHgStDANDD2VQ-DerTvOQWvRTspw1u0gWjhSNfDgtMS5ReyQjIa78mPopDBW00LO_5swu9SNuhWSEDr0V4LRRkDNf8N4QEYvJDpO0sR5MO_tdqrCJu29ym6F4Hzkn9hSIEjqfmzlPTEdOK-C_HedEvzfDMjBVRrOl9UsMMkj0EjQolQMtWJZ26BDfTv3cYvAr-KyZ_9xGgeM1EH-rU6yuoVkmX7lPLVdqCJ-Na6Eaah79Gjb5gMiZEaEX6UI4Li5m77M9T8rc1-l5Zd31RGXmwL7ho2c0Aa9CHdx07TQqxN0WtNPv6QHxDGdbhMzaPHR5YsWucN8AOTtGO3F6jm9IgYXRktkjabu7jOUF95QZU6l4dqyMMquUrTses7WjTyOU5qPbZ9dJDR4eIdEQFx6a33Fu8ynzD5c1zhnKWt6gdVS02kaYCX8PBj9W6xBlFhCsshEZv2efUh6BePBMDhutVFtfCalR9ko3PsaJZw7EMGe3SK87Q2QRVaDLAB25ueVdbvXMYOIKfiYCCdFXAaJW9bgSAvTky4KYGjx8m4oXHigY2e3pXakl5dSiYO6L6dZNl5_4Qc6E35_4T1S_VxaUI_qm6V8enKgsRVfaJyrRef4yCDyovc8Qu3DoOJo40idH5VTFkn5mq0y8dAQPe4JiAWqa7qFfTu1CceSm7xwxcPn1y9Dqg9xx3kNuMwqX_PmnjyVV0b4Y4RwQca9GgIM4xmW0Tq5LtMdwz1Ly0DTVzfRFPpOJsYtJY0Kj8lN8KFyDDoxe_yy8stYuHMKkLZUUHIQKDBBxrbgPeGLLLdfW72IK3nFY2zOoEbKyOttFh3YHIUHi5Wm016GzoEGWk7Bsm9tMhwfiyDTb8V_hkFwRIM94aujxqRyCvIOJewHTbDKz1oXS0ClccPEiwKAUqdlkQ5urX90LmCD4ie7wc34c3ADCFKr-6lt1Mcsq1uf4zo6uBX0EzitwBHHqr0C9MsklXKSA4kmX4fvi-Xb-LGt0UD6gMdiL8Px8sWHkT-JGqOU4TPL5Rng-PFexAcWauwXUXqpRVekUg2QChebLX-UqtMopNXPLRPR_cK5xkdgp3WHoLoEge3ccUyj8oGGCV2IiTfSscG-dZ_sQsgkMOuyFUQ3JeZxYxRbbTOOuL0XGVYkvWPV1i2Q6J-vqBMRBqp3_eQ78FbMSwG2EyTjed7AmtuM1yFhKPnu9GSGJKDo9DmTgE7rl3IZEyAsRDaxEZL8KcCmry4A4-H5YV518w9IL4iVTcny2ge7Tew3lcEF-oOCLMV_BmDcdjAV5Swud03jkvZnqp39-NuyPQ7zp39xCyiqtYjmV-jUzU1tHAUvR_bz8FH_S0OkRLCEeu1unL0suWK7EQGaMs7Qvw1d15tCOsnSIh8l0ET8lyN9kZVuFvxBbb-f7F8m-Bc3Xow4OsXnAvv8tIu84ntYdCbekH00_gq2q13ls9Dsx_NKNqXN6DRJEZuqSjGLDonqrRIqBjDze2Qk8vdAmWxcCUHLo2JOLIvYnV1IiYOh4-wnT-h173cxVFR4J_Gd_jcjqd54pGdf7ul781O4zX3lceeDC8qWeZIky386K0_2gB3FQ7s44vSYcs0TphasqoObWk470hNcU-Xu8kljz34wF7dCW69IbDO-ATvNH7vg3W9zvUeYmjH9XHcS8ttheDnBTQatjwkTMxZf6YVeYEen3jZK_cVFqTjA-zvnaGuP_Dd0_ARLMkashPhAbbX32hccnp2wpQESP42jvdydiME_kaNW6bqv3heg842HJHwN4N9kSzbPIMiRrI6CcwLxGzxDF9rNF48pKlCpPbPAkppveCjw_BlQEE7ybin3UIm9XT7pvyASjSH2n8PZWmBy6hqBYLYQKZ5NuLr25AgIANxXjH6-lvsJcodpKuVYxTmWNhge5sDSihDkQW06_zabCR08vn-spjJM8IsOn6uorQwdxVoiBriZvCGbyZWSOKQ8n2D_TFvCnOWK9ke9_05auTXyKcsxt13gISal2to23d0O2ksbUpIvVvzLR8XMm5tOD5d86zCBNUVv5mQsKt27HOq2ksleFZCjx_1vuesdR-SLkiMkIyRDdvR0ySbrBDwq-WiDgrO0etQwgSYPCFFFYekP25t6dV7wVvNM8qVRAPTAB6nBsTAn5Q7a0QNkxHi0R_fXkXBHwyZmQLQlEH6O5pDUkS3bQR6MPDJ1Xoh4xq4LYF0I5ibOCh1xzzAfiLRbcSenON_miI6aXBzH0XJTxTlaDMihqkkW8JJ2lMZ3joYgb4YeflOWun0L8xXGjMUxvA4eg7JRXf80LnU_0lj_gUUYX8x64ILgIHVLq2S634yLXHxXk9JkJ3uw1cdD7TsOJiRzSvUYM5_-MSPcw0oLkA-AV0q0_bHRrBGSFzORgf3cV6rX4lAi5nmDTe01xRgePunIprmMkz4jJLA4oD0gWT3QQmxcVJT3bX82UfdtDYDZhxAr72-ZY9EAV2R_8s0vF63OBSxScGpcs8lJs6ZOP2NGbX6i86Vk6MVYCAfUhA8Mouk0YIqIC69IYeUsea-5mxaP7UpHhZwwwWfNfLbVJAUyQra7Zynt7aZ2EHiMVtIW2dHQcVWGNaaOg1g4CvgTaPL1nvpszS8GgGFyDLnArkjmgI-FwZKlJXJUeWNJ2PHG7RDl8yUeFwJHrFSEsuaYBZFQPjYT7KqqAlsgkSIiY3VD8nuTayJ2K4UWCEjLdswf4xXdHLqG83XhwH5efFOP0Pcx4nKBBEdEviePGkXhUdX2CprYnAmyjZ9uCYCfLMuYyO11S3QhxEkmbj-wzaWqhhHYgrggOFg5ABVnc41y9z_7ZqQjgt8VsB2KfTyOE&cid=CAASJ-Ro0mhWEB6pSw80lVD2TCj5eVK9S6RTNB0b7oNE7d8GHNi0BkdrsA
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 49AC 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CKKy0-N86Yt2dLNmzgAedgpzAD4WDzK5ox4O_psgP6Kq2lYsDEAEg-ZvxhAFg-4GAgJQKoAG-34C5AsgBBqgDAaoE5wFP0CByT8p9xSbgzSQvxIMpAQOfPTtIUlu8x5yl1BVjp6q2YFaptfOeOHe__HMptAtQRVc-drOckfXIegmunRIqQM-AG-Y9At9jWQcvW7fkxXbyrxIqKZMNhCYBS_agTRSncTzymClY707g-Maxbot2qtQ-R7D81HD7gf6BAT5WCQYFwLYB2upNyneepYkLxULCB_L0tacMkO_y8m5cHKHfvvl-nARizFn3E46B6dpfWOW77JIQ6Goy-xky73lIgcqRneeKzlXGOh01ZMQmV1AwUd7QNkyfHu4Gdg8ehWGkfuJOLius4jfABOu8y6XzA-AEA4gFjNCbpjySBQQIAxgDkgUGCBsQAhgBkgUNCCIQAxgBSJapqwFQAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AHqqD_xgGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHChDOuTIYlO3IwwHSCAcIiGEQARgdgAoDyAsBsBOdjcIOyBOk15LfA9ATANgTCtgUAdAVAYAXAbIXHgocCAASFHB1Yi00MTEzNjgxODgyMzExNDU1GITbew&sigh=zWLzhxUByLg&uach_m=[UACH]&cid=CAQSPgCNIrLMR1geSgX5iwW-mb3fFjxkZ34_AHU-ahqhwoqIGOqqPY1jUanBXvkra5Z42DThfD6YjeVCeQR8InM4&template_id=509&vt=10
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.201.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s01-in-f66.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 49AC 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
83495
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Wed, 23 Mar 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 49AC 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
82808
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Wed, 23 Mar 2022 09:53:05 GMT
l
www.google.com/ads/measurement/ Frame 49AC 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRrx0xxWdzSOsK3VCdn67z30r6mJBX4nI-pQ5zg-DVuMAWmzNZIbKAgqk7Hb2Tn7hjbMTo0-9Pjc7J3ReZHAhxyRN8xWQ
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
2076313506083323656
tpc.googlesyndication.com/simgad/10629832105753355399/ Frame 2038 		51 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/10629832105753355399/2076313506083323656
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
29470aaf49d0c2871ba3acd7d2d8d0d3d5780b247648c7b01c690f03584c71a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 05:12:22 GMT
x-content-type-options
nosniff
age
99652
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52071
x-xss-protection
0
last-modified
Tue, 14 Sep 2021 15:56:57 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 22 Mar 2023 05:12:22 GMT
truncated
/ Frame 2038 		219 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
258ffeacbc4bcbdfc6667236a43d770a6236f18ff39700f37a4c64e92850d72a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 2038 		221 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
336f1ee20897b74eae39c8469104c74e7e73fe9fff2c0ab488675ec759321de1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 2038 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 16 Mar 2022 17:56:19 GMT
x-content-type-options
nosniff
age
572215
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 16 Mar 2023 17:56:19 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 2038 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 16 Mar 2022 17:58:32 GMT
x-content-type-options
nosniff
age
572082
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:20 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 16 Mar 2023 17:58:32 GMT
truncated
/ Frame 49AC 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
822c5bdec60b760e2b487ae04cde059cc9f20dd7c68284efbf8a1e752311272a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 49AC 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 18 Mar 2022 09:48:03 GMT
x-content-type-options
nosniff
age
428711
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 18 Mar 2023 09:48:03 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 49AC 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:02:01 GMT
x-content-type-options
nosniff
age
67873
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 22 Mar 2023 14:02:01 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 2959 		645 B
306 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnYKBCaoPjrARiQ4ZLCATAB&v=APEucNXgQqHUwCGVjRqhbDIWA6J9YwnCUU55T2L7dcothzBNnoySLpiDgleCXLCRLqHxDN5rwxlyQrclsXwkUkTr27v9Be839TO8LMfFj77LesMN6IfTZkM
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 23 Mar 2022 08:53:14 GMT
server
cafe
cache-control
private
content-length
285
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
abg_lite_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20220317/r20110914/ Frame 761F 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220317/r20110914/abg_lite_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:50:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
161
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7871
x-xss-protection
0
server
cafe
etag
7397949449432438406
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 06 Apr 2022 08:50:33 GMT
omrhp_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20220317/r20110914/elements/html/ Frame 761F 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220317/r20110914/elements/html/omrhp_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:40:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
740
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2626
x-xss-protection
0
server
cafe
etag
8548655983161038638
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 06 Apr 2022 08:40:54 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 761F 		0
571 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsth-kZd4ju3dy4jM8oboBxuokdEqg-lQ26wClQd2Jph9wcbxoo8M0fzqhtJi_p2FCJ6ZQcNo24-V30AiAvxAcsNQ5bAKAAzCQ7mr-9vF3KRErsdEHEq7aYL37TSIyGEhCeqegANBZb30CjF9svFR8fxecDSavMIH-jQex0i-LAk4paSN5DwtveuATLh-guuBsOa2V2BT9x0rCeihIS4TGktkXZSy-PglzRWth_uinb6iPwA_68MkFQcS2zUaBxeU_EqC7pZp_k1BC1OSlLlE8WL7kHjaldVZV2cV2XL2ItC0tgnPf1ZFMdAbqjo-nWMPc7ZB60YiI_jNsoxJJCbncqubGAdbvzV-0lTwNU10zrhjsejygM8OCeu_-H6XNai5j0q013MC4oX6HTdgtRHvzWDuTG5lL1lM-XOF9xf1kvLvf4p280DFp-o5LITjkUfURK7esmLMymkBWqxOafFgghY9eEo4zY6-9eMf04b-wmURZ-i7SKmE_cVbtcS0lKjrUy4fhfqDqcvzPxVkDZq2i2jAjIfP_i6KSMic5Z9GZlvZ8eDt2VPecwYhAZda6sPK9eslaJat8hbrZZQ0di_qoklA0GSvidZPga24bjX3Pg7u6vI7ntemCsyYweuhILFR9C5taC5pdfwqVhmyUqTz_8HNZlmfksk3yFvWb9PIO8cHxNY3eJQJq_mlnIxqWnNAIRaLFHbCWOmQNkkvf7IZHoSdYJ43xY8T-hWa_k0GzEp2mppEjRI4y4BWo06cLI1zkdSTvv-mDjbcGEVoo2rP15ZrrwnG698TUBmjyWhUG5tXHvmtEQEWg13M0yPoGsR70zRGtLtxqnBtOpaRwUlTD605CR4jpPRDLuv-PNHJsDTpGwEppSQQOj-f1rOZnii8oEmylJff4afIBn76vZkyYYiPMx4o0Z8Nil3rzeax69-dIoPl77yQqI9dy87eKKInvlhj_USuh1mXqS8491o7deaI6oJPzO7ncktYlVKlJlyI0un-eCkyx8S_JfXoHNuiI66YAeB-Tp9I8VP0FcuraOkpWsrUrdr47yK1Q8qGlwglC463Ru1coEPAp4VHrfBDjs79dCBonWO8t3h59d0btBoRknQ-hrhsi4iMQb_oWF5u4LOIwNZ9MgGMHxaChv7bdkvODNQSyJyMA&sai=AMfl-YTUJ4RdMg_LA9nM9XftnoMOeouOTDafPOopwqNiMwo-AQcbmgxFrnc3AR_YEx1ygZ1fh0OXMsEVRIhd0fTIc8pAPMlwhUBlsHAIQlkh-CUmO2tFp_gGEzb8XaG-pVbEnEFbtId9GiD1Zy6RRAqsMg3qJNVgXbEe2sOqZMG5YA99U-P7fezb31amaU9AUSYZ4BcOfJ4KkxHmZgq8hcyQ0vIS4KULzPeHm5lnqNSQiIL48c4VeCO-_735Akgf3wPkMcNAwdYxVz4vg-s1unHMiSaMoOOA_LLRdG__YL0MmWt8ZjNyrZmChlTY4tQf3I-jfotgnp66qwO_FC5G_r4ZdBLVI5BxCnAZbEKiuFr-jpdcEEfkhBSuy6HftLOXOurGhE2hot8hByqouV4&sig=Cg0ArKJSzDSRJz-lE-wKEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220317.22898&adurl=
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Wed, 23 Mar 2022 08:53:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 761F 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 08:46:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
86815
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Mar 2023 08:46:19 GMT
3644052171575496690
s0.2mdn.net/simgad/ Frame 761F 		138 KB
138 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/3644052171575496690
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a9b7eb39b0116aea2f9b24e88501676c174481b0e4775caa9a13a81609d719cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 16 Mar 2022 13:40:07 GMT
x-content-type-options
nosniff
age
587587
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
141314
x-xss-protection
0
last-modified
Tue, 15 Feb 2022 10:34:47 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Mar 2023 13:40:07 GMT
sv
capi-tier-1-us-east-2.connatix.com/tr/ Frame 897B 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/sv?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.60.0 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-60-0.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Wed, 23 Mar 2022 08:53:14 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
pixel
googleads.g.doubleclick.net/xbbe/ Frame DA8A 		668 B
325 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UY--HEmAEwAQ&v=APEucNXKHB7-pggQf1BkwWy3FUfHxlxrkmxE3fTbRBOeuIWKhlz7OWDtds_aDYqFxJoy1PA0Bz5Ez4A14Yx9vjjjwfmKr1HHGw4lF2Au54_nI3IVcmTc31E
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8015a89c7e50b71a6597cfc7bc2be462212ae1f57c37e40878a79e7550768ccd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 23 Mar 2022 08:53:14 GMT
server
cafe
cache-control
private
content-length
304
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame 1738 		80 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AjeQJNaRiR8LZBWZ1BNlWzxwEzsrjIi19CGdKdRdCctONUPOWOKCPofIWWc9-pJFAgBe8NQTQNOGrVdKhzienDU2DTyw&cry=1&dbm_d=AKAmf-CIacHD8MLGf2GhUFyD97t2y07CJ_PsdbueW2AbOLgAdoZgIWRH_nq2I5EuMLuafnJ1lfv6mZVjKzVlNfKtzGRSnW8PQ6aC5yd6_7jTY9QyCNbLpTvXC5Nw5nTwHmALdz8hDZa4KN0ajS27hVgp230k_eNNSLW3xwD9AjEe_hPiNZ9A-JnAPm64nof904aUrg7NSwdjZH3yBkXBLQDdzZRtmGlRuyFdxt-4YVUNjA7AvTd4BRURK8zUE-IMg7rPDXCe3P6cEJA3H8siYmYmChezh-8tq2XDjVxxXZDDqR8KDMEkqIuiE956zC24nvZM_wI0iTEdEPxVQj99OSXjfl_5aZmkZQ5NGY11CE9TPM7zr-96LdFbHPgJkI6gxEXgFAp5QW4PNOWFU9jSEvwv-_yl6oT_z3saVR8DBYYZxVPkX0PeUgkwZ4GDz3ZTlJ9CZyMhRdMjtmFq2a3J_A7p5C6F2fn-TnaaIJKAcnlR3-Imx3xY-rjqA6BpN1dwP7FpGTiWlJmKO5VAgE37d_QMkJbAUTBWuO80zBhubSHcIrj8L8ZBXAIGUeomPOL11KNMErW8kAQ3vWuu_mmiWxedQ-E3-ng5hEmCkcEX5LwPWaRQ9PGuc4IeZTzgvRYTTkDzgaaCZ_bHyhmkovwVT1FdDcuc9XKXT8oDglNPViuL7pL8se5TT2IpmsLKMI-YDs1VVXktKp32FW2wjCbVtmx_v1FTfQ7PeRfp8WxhxHIZHTVov_L3AJSURC2NOcvJ2qqxUlt_ovUEW5cTTQ0isXuYOsvCvkekJj-rIIB78HKVdAECITgBZP1KvwD7CYJeiLPTTYkof-d9-U3b9vXBwXsS1_jyXvajJVleiFwgIEusg4V8XkbSSiZ33GyiqMnIdggNwOKkJImmm0FmRuw6HEljr_BS3xmkhQM0BT5jtkXJkOClR-zQmqCBaHlIxobSedatg7MOMmz304Mu4LTQR3x97Kf6xGLL9yn-LbNZd0aNG4KZQJjjS3GOXFn2ZDdtXC0G7YjCJtNJ9fstaPxcOP8d5LdO6di36GHGsuk-NrWWv1OmtVP-QidNY0TWEec2Gs7W2pkOhMcvN2szAqx12iHBovCegyYQ33A2pbZfdOT9hcsBr9rWVmjC34JwcLEj9uJLbbO-50dx3S3FZdNlx0gfFcnAfgC-zFkxUX-ZQ1HXTsWz9HKJoAp5yHK9ZCFZ2-P9pevCqDMRPprMzA9SUN9K_CgEy4SfydiPU_KBUXFmGqWDPLdbuWNZbaiRQA4-dFq0E_7ilxNvQASTV5HsjA02RWHjYhVUAUALeBtRADRTeXtt-gCgALg2XCIRQaVXDzIWhaEvoJgGMXdDWonOK1vAIg0fvHZZ-YImfzMF4_tVaa6u7burEFWLytskiUjm0mX1BYj-eLEhrpV8xng3Y_AX1GzZDROE-hvx7tKuf356Q80SvgW7cX-kELq6I4n-qVCkARhRTEAZgP77NCckpzXa3WJVOU9J3-uLTMGTrf5Ai0F8vkLiwSTi-ao37-Vp7qYKy-SpZd3mLcnGOP7FTcEHBxG8wVIKUn8LI7RyFC6wIbfTeLsqj8lODJQcck_9t5K6MBCEt6ryhWR87HVXgcBTnvIdGfpPaAJsl8O7SvqzEdYdIBNNZpilJ5bYk1glRrJ1vrq3swTAQhtmtxNRfTrYaWG6-XNkCr1vhte4hnzYWa0tib4wGDZ_w647kd5MZBeHoMziddm_yw6m95asg1SbJBcVxBGcU6Uas5AMeXtTxPIGPVpNZqQjKjb8iIrUyJ1C-iq9JdzpHHMCnoh5oWvqDhKwIGJlC36xWp896pNkzwaPbBbka7SS0foLCWMPvIIQWNHqbCTSZWKP-i2LUwWdkF8dxe9fwvidvpb29-iWoTBCZctXzpWghAySXmtl9KWFg0zX_kc3AM9ivKoa5luYEYuXjSbv0TV3OzAyfWOMGTC0QHQU51CAx303Sugyaz0sevZmxZL3DbGODNolqAfWXS35YgxOBg6Rus8-nnhP-ucEulnCvHEAMERdH86gDTH9aV5dPVOeya_aU79KFf2eUjgJbsHnH2SLFUYkQ1RcSlBRJhdgSqmQW4jTliYykHyQB2og0DfwYlDol_PyOb72tdx5fja4HksoO1tJM5uv0yd-cr1aoSAmjYs0X7T_dCft9nsC5_G5Jv4D30fOTt3gQAJ-IaXkqpYVFfCdHaV8_XHkpSVtQTMSd14FeXrDtYgWUkRw6Sw1MbGgR-sZtjirwb35sse0qsL4GD2Icg8fiXWm1epmEtQCIpH3gTuRRlkMe4ZUHUMaNGrN5d8xh7ZwZdV2SSEpXXmOP697m4NDgorQu0Xf5-k_sRzvKD7CE7iMMAtkKkjBA6WA3ZnH5hSRAc5UHfazOMwBiI6kS4dryvPAHGMMhh3cjrz5yRUPsHul6grSfJj2QI335yNVIZ-rq7WdmGYaj_jV4bS6MBr-YH1lQTjLRgxW8GPmBSEIcZM3t4svvoMspaAMx4YWUxqS7szVmbp80uSQ_98VmUNegZ4DwYBKZy6ZkA6cWaVwhL2RBICR8nQJW_q9hJbHt13qErUDq6eIALJ4HymlfaU385W17jL_iXCzqcjIoDhbbvDWI7-rutb6tXflc79X_Wqc3W2rmbcW0TUe5djs2gW5WVp438Z2Ea7ubca-Nzhw7n4RhpzALs6zMrbhIhZ586mjnORS92oCpWZblSOlbeWzN5ZpFt51Hlkc7_oWw8kHbSneUm09rrwnsIrjs5k59TVKpA2UfunXljXf4Go4XSKvy8AZxMZuU_7jbHrjauHTTkRjtv2d5qiNy4J9qdAXwDvgGKr5MHh-ZQs3JGW8ARh2PwdcCtasOmIBrvNRK4ftbNER3ThrQECwjiwQtifWKcz3ccCaj8G5VPgKGlBEQNdJLkkqR6hKnSoOpfBSkCInrYzoEwTHm8kJgRRMmR8N9ziePe7EF0CbrRQMQAQId0ZLlG6Zzut055TLMskUsZA3IY4H5UGzPaBlrHYLKI-5w76vwVZRBhKMgGN1Js8M8ywOPFzG2wwFusPxOZgrORS7WSeg7Cr5h0MzhA3imFE_Z29iLzmfI-eHqg&cid=CAASJ-Ro1YdurFjZbeg31nYEQ1KP5gxSBLRE4-169CLChc5yK-EHBHkswA&rfl=2%2Chttps%253A%252F%252Fthreatpost.com%252F%240
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
732ecd65c3d8793bf3f37051792069dbf3ebd29bc1faa6522182e8ad726ee2ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:14 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33934
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 1738 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/window_focus_fy2019.js
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:04:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2919
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 06 Apr 2022 08:04:35 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 1738 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 23 Mar 2022 08:53:14 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 1738 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:04:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2909
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6407
x-xss-protection
0
server
cafe
etag
6055885685211612390
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 06 Apr 2022 08:04:45 GMT
l
www.google.com/ads/measurement/ Frame 1738 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTQxk_BM9U6ZUANABYvdtB9I4-gdQtcFQ9Gcu_AK_gYakeftg07AOScw-t4Cl_AS1_AxPD_UUJCuU_cchxPc1NHzME0Aw
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1738 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C9jEpvkj-JKey14s3X7uNo6swAso9m0F4HT0yMhXPVZhhgwIBsVz0PXd6YKdnkVIuL0P6qkUuvRv2NQX2ns5YFlR1xf8AUXX9JWkDHxQfpu-z61_U
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 49AC
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

date
Wed, 23 Mar 2022 08:53:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
rum
dsum-sec.casalemedia.com/ Frame 2959
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECfj2luyT3_BkfgwCS2JUpA&google_cver=1&gdpr=0
43 B
1014 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECfj2luyT3_BkfgwCS2JUpA&google_cver=1&gdpr=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnYKBCaoPjrARiQ4ZLCATAB&v=APEucNXgQqHUwCGVjRqhbDIWA6J9YwnCUU55T2L7dcothzBNnoySLpiDgleCXLCRLqHxDN5rwxlyQrclsXwkUkTr27v9Be839TO8LMfFj77LesMN6IfTZkM
Protocol
HTTP/1.1
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:15 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 23 Mar 2022 08:53:15 GMT

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECfj2luyT3_BkfgwCS2JUpA&google_cver=1&gdpr=0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
324
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 2959
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yjrf.noNB57K5wdhKQJBxAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECfj2luyT3_BkfgwCS2JUpA&google_cver=1&gdpr=0&google_hm=2
43 B
894 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECfj2luyT3_BkfgwCS2JUpA&google_cver=1&gdpr=0&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnYKBCaoPjrARiQ4ZLCATAB&v=APEucNXgQqHUwCGVjRqhbDIWA6J9YwnCUU55T2L7dcothzBNnoySLpiDgleCXLCRLqHxDN5rwxlyQrclsXwkUkTr27v9Be839TO8LMfFj77LesMN6IfTZkM
Protocol
HTTP/1.1
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:15 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 23 Mar 2022 08:53:15 GMT

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECfj2luyT3_BkfgwCS2JUpA&google_cver=1&gdpr=0&google_hm=2
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
340
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 2959
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0
  • https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEFK2SGB4onJEqLMg5_ZevSc&google_cver=1
43 B
1016 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEFK2SGB4onJEqLMg5_ZevSc&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnYKBCaoPjrARiQ4ZLCATAB&v=APEucNXgQqHUwCGVjRqhbDIWA6J9YwnCUU55T2L7dcothzBNnoySLpiDgleCXLCRLqHxDN5rwxlyQrclsXwkUkTr27v9Be839TO8LMfFj77LesMN6IfTZkM
Protocol
HTTP/1.1
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:15 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
5bdbe612-2cb2-44e4-9292-3303516a35bb
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEFK2SGB4onJEqLMg5_ZevSc&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 2959
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Nzg4NTgxMTgyODg0NDgyMjA1OA%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Nzg4NTgxMTgyODg0NDgyMjA1OA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnYKBCaoPjrARiQ4ZLCATAB&v=APEucNXgQqHUwCGVjRqhbDIWA6J9YwnCUU55T2L7dcothzBNnoySLpiDgleCXLCRLqHxDN5rwxlyQrclsXwkUkTr27v9Be839TO8LMfFj77LesMN6IfTZkM
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:15 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
45b7e257-8dae-4eea-8d5b-58cd47162cba
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Nzg4NTgxMTgyODg0NDgyMjA1OA%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 761F 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsth-kZd4ju3dy4jM8oboBxuokdEqg-lQ26wClQd2Jph9wcbxoo8M0fzqhtJi_p2FCJ6ZQcNo24-V30AiAvxAcsNQ5bAKAAzCQ7mr-9vF3KRErsdEHEq7aYL37TSIyGEhCeqegANBZb30CjF9svFR8fxecDSavMIH-jQex0i-LAk4paSN5DwtveuATLh-guuBsOa2V2BT9x0rCeihIS4TGktkXZSy-PglzRWth_uinb6iPwA_68MkFQcS2zUaBxeU_EqC7pZp_k1BC1OSlLlE8WL7kHjaldVZV2cV2XL2ItC0tgnPf1ZFMdAbqjo-nWMPc7ZB60YiI_jNsoxJJCbncqubGAdbvzV-0lTwNU10zrhjsejygM8OCeu_-H6XNai5j0q013MC4oX6HTdgtRHvzWDuTG5lL1lM-XOF9xf1kvLvf4p280DFp-o5LITjkUfURK7esmLMymkBWqxOafFgghY9eEo4zY6-9eMf04b-wmURZ-i7SKmE_cVbtcS0lKjrUy4fhfqDqcvzPxVkDZq2i2jAjIfP_i6KSMic5Z9GZlvZ8eDt2VPecwYhAZda6sPK9eslaJat8hbrZZQ0di_qoklA0GSvidZPga24bjX3Pg7u6vI7ntemCsyYweuhILFR9C5taC5pdfwqVhmyUqTz_8HNZlmfksk3yFvWb9PIO8cHxNY3eJQJq_mlnIxqWnNAIRaLFHbCWOmQNkkvf7IZHoSdYJ43xY8T-hWa_k0GzEp2mppEjRI4y4BWo06cLI1zkdSTvv-mDjbcGEVoo2rP15ZrrwnG698TUBmjyWhUG5tXHvmtEQEWg13M0yPoGsR70zRGtLtxqnBtOpaRwUlTD605CR4jpPRDLuv-PNHJsDTpGwEppSQQOj-f1rOZnii8oEmylJff4afIBn76vZkyYYiPMx4o0Z8Nil3rzeax69-dIoPl77yQqI9dy87eKKInvlhj_USuh1mXqS8491o7deaI6oJPzO7ncktYlVKlJlyI0un-eCkyx8S_JfXoHNuiI66YAeB-Tp9I8VP0FcuraOkpWsrUrdr47yK1Q8qGlwglC463Ru1coEPAp4VHrfBDjs79dCBonWO8t3h59d0btBoRknQ-hrhsi4iMQb_oWF5u4LOIwNZ9MgGMHxaChv7bdkvODNQSyJyMA&sai=AMfl-YTUJ4RdMg_LA9nM9XftnoMOeouOTDafPOopwqNiMwo-AQcbmgxFrnc3AR_YEx1ygZ1fh0OXMsEVRIhd0fTIc8pAPMlwhUBlsHAIQlkh-CUmO2tFp_gGEzb8XaG-pVbEnEFbtId9GiD1Zy6RRAqsMg3qJNVgXbEe2sOqZMG5YA99U-P7fezb31amaU9AUSYZ4BcOfJ4KkxHmZgq8hcyQ0vIS4KULzPeHm5lnqNSQiIL48c4VeCO-_735Akgf3wPkMcNAwdYxVz4vg-s1unHMiSaMoOOA_LLRdG__YL0MmWt8ZjNyrZmChlTY4tQf3I-jfotgnp66qwO_FC5G_r4ZdBLVI5BxCnAZbEKiuFr-jpdcEEfkhBSuy6HftLOXOurGhE2hot8hByqouV4&sig=Cg0ArKJSzDSRJz-lE-wKEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=496&vt=11&dtpt=495&dett=2&cstd=0&cisv=r20220317.22898&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 23 Mar 2022 08:53:14 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sd
us-u.openx.net/w/1.0/ Frame DA8A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELVWe0ik0I-fTvPbfIaPOE0&google_cver=1&gdpr=0
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELVWe0ik0I-fTvPbfIaPOE0&google_cver=1&gdpr=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UY--HEmAEwAQ&v=APEucNXKHB7-pggQf1BkwWy3FUfHxlxrkmxE3fTbRBOeuIWKhlz7OWDtds_aDYqFxJoy1PA0Bz5Ez4A14Yx9vjjjwfmKr1HHGw4lF2Au54_nI3IVcmTc31E
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELVWe0ik0I-fTvPbfIaPOE0&google_cver=1&gdpr=0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
306
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame DA8A
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&gdpr=0&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Zjg1YTk0YzgtNmJmOS0yYTg0LWQxM2EtNjRlMTE4NmQ2ODE5
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Zjg1YTk0YzgtNmJmOS0yYTg0LWQxM2EtNjRlMTE4NmQ2ODE5
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UY--HEmAEwAQ&v=APEucNXKHB7-pggQf1BkwWy3FUfHxlxrkmxE3fTbRBOeuIWKhlz7OWDtds_aDYqFxJoy1PA0Bz5Ez4A14Yx9vjjjwfmKr1HHGw4lF2Au54_nI3IVcmTc31E
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Wed, 23 Mar 2022 08:53:15 GMT
content-encoding
gzip
server
OXGW/17.2.1
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Zjg1YTk0YzgtNmJmOS0yYTg0LWQxM2EtNjRlMTE4NmQ2ODE5
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
um
sync.teads.tv/ Frame DA8A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm&gdpr=0
  • https://sync.teads.tv/um?eid=3&uid=CAESECxXC90gJkN27bQP5cusJC4&google_cver=1&gdpr=0
23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=CAESECxXC90gJkN27bQP5cusJC4&google_cver=1&gdpr=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UY--HEmAEwAQ&v=APEucNXKHB7-pggQf1BkwWy3FUfHxlxrkmxE3fTbRBOeuIWKhlz7OWDtds_aDYqFxJoy1PA0Bz5Ez4A14Yx9vjjjwfmKr1HHGw4lF2Au54_nI3IVcmTc31E
Protocol
H2
Server
104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-242-245.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
cache-control
max-age=0, no-cache, no-store
expires
Wed, 23 Mar 2022 08:53:15 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.teads.tv/um?eid=3&uid=CAESECxXC90gJkN27bQP5cusJC4&google_cver=1&gdpr=0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
292
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
sync.teads.tv/ Frame DA8A 		23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=&gdpr=0&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxCoi2UY--HEmAEwAQ&v=APEucNXKHB7-pggQf1BkwWy3FUfHxlxrkmxE3fTbRBOeuIWKhlz7OWDtds_aDYqFxJoy1PA0Bz5Ez4A14Yx9vjjjwfmKr1HHGw4lF2Au54_nI3IVcmTc31E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-242-245.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
cache-control
max-age=0, no-cache, no-store
expires
Wed, 23 Mar 2022 08:53:15 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif
express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 1738 		106 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
Origin
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:46:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
414
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37892
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 24 Mar 2022 08:46:21 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220317/r20110914/elements/html/ Frame 1738 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220317/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AjeQJNaRiR8LZBWZ1BNlWzxwEzsrjIi19CGdKdRdCctONUPOWOKCPofIWWc9-pJFAgBe8NQTQNOGrVdKhzienDU2DTyw&cry=1&dbm_d=AKAmf-CIacHD8MLGf2GhUFyD97t2y07CJ_PsdbueW2AbOLgAdoZgIWRH_nq2I5EuMLuafnJ1lfv6mZVjKzVlNfKtzGRSnW8PQ6aC5yd6_7jTY9QyCNbLpTvXC5Nw5nTwHmALdz8hDZa4KN0ajS27hVgp230k_eNNSLW3xwD9AjEe_hPiNZ9A-JnAPm64nof904aUrg7NSwdjZH3yBkXBLQDdzZRtmGlRuyFdxt-4YVUNjA7AvTd4BRURK8zUE-IMg7rPDXCe3P6cEJA3H8siYmYmChezh-8tq2XDjVxxXZDDqR8KDMEkqIuiE956zC24nvZM_wI0iTEdEPxVQj99OSXjfl_5aZmkZQ5NGY11CE9TPM7zr-96LdFbHPgJkI6gxEXgFAp5QW4PNOWFU9jSEvwv-_yl6oT_z3saVR8DBYYZxVPkX0PeUgkwZ4GDz3ZTlJ9CZyMhRdMjtmFq2a3J_A7p5C6F2fn-TnaaIJKAcnlR3-Imx3xY-rjqA6BpN1dwP7FpGTiWlJmKO5VAgE37d_QMkJbAUTBWuO80zBhubSHcIrj8L8ZBXAIGUeomPOL11KNMErW8kAQ3vWuu_mmiWxedQ-E3-ng5hEmCkcEX5LwPWaRQ9PGuc4IeZTzgvRYTTkDzgaaCZ_bHyhmkovwVT1FdDcuc9XKXT8oDglNPViuL7pL8se5TT2IpmsLKMI-YDs1VVXktKp32FW2wjCbVtmx_v1FTfQ7PeRfp8WxhxHIZHTVov_L3AJSURC2NOcvJ2qqxUlt_ovUEW5cTTQ0isXuYOsvCvkekJj-rIIB78HKVdAECITgBZP1KvwD7CYJeiLPTTYkof-d9-U3b9vXBwXsS1_jyXvajJVleiFwgIEusg4V8XkbSSiZ33GyiqMnIdggNwOKkJImmm0FmRuw6HEljr_BS3xmkhQM0BT5jtkXJkOClR-zQmqCBaHlIxobSedatg7MOMmz304Mu4LTQR3x97Kf6xGLL9yn-LbNZd0aNG4KZQJjjS3GOXFn2ZDdtXC0G7YjCJtNJ9fstaPxcOP8d5LdO6di36GHGsuk-NrWWv1OmtVP-QidNY0TWEec2Gs7W2pkOhMcvN2szAqx12iHBovCegyYQ33A2pbZfdOT9hcsBr9rWVmjC34JwcLEj9uJLbbO-50dx3S3FZdNlx0gfFcnAfgC-zFkxUX-ZQ1HXTsWz9HKJoAp5yHK9ZCFZ2-P9pevCqDMRPprMzA9SUN9K_CgEy4SfydiPU_KBUXFmGqWDPLdbuWNZbaiRQA4-dFq0E_7ilxNvQASTV5HsjA02RWHjYhVUAUALeBtRADRTeXtt-gCgALg2XCIRQaVXDzIWhaEvoJgGMXdDWonOK1vAIg0fvHZZ-YImfzMF4_tVaa6u7burEFWLytskiUjm0mX1BYj-eLEhrpV8xng3Y_AX1GzZDROE-hvx7tKuf356Q80SvgW7cX-kELq6I4n-qVCkARhRTEAZgP77NCckpzXa3WJVOU9J3-uLTMGTrf5Ai0F8vkLiwSTi-ao37-Vp7qYKy-SpZd3mLcnGOP7FTcEHBxG8wVIKUn8LI7RyFC6wIbfTeLsqj8lODJQcck_9t5K6MBCEt6ryhWR87HVXgcBTnvIdGfpPaAJsl8O7SvqzEdYdIBNNZpilJ5bYk1glRrJ1vrq3swTAQhtmtxNRfTrYaWG6-XNkCr1vhte4hnzYWa0tib4wGDZ_w647kd5MZBeHoMziddm_yw6m95asg1SbJBcVxBGcU6Uas5AMeXtTxPIGPVpNZqQjKjb8iIrUyJ1C-iq9JdzpHHMCnoh5oWvqDhKwIGJlC36xWp896pNkzwaPbBbka7SS0foLCWMPvIIQWNHqbCTSZWKP-i2LUwWdkF8dxe9fwvidvpb29-iWoTBCZctXzpWghAySXmtl9KWFg0zX_kc3AM9ivKoa5luYEYuXjSbv0TV3OzAyfWOMGTC0QHQU51CAx303Sugyaz0sevZmxZL3DbGODNolqAfWXS35YgxOBg6Rus8-nnhP-ucEulnCvHEAMERdH86gDTH9aV5dPVOeya_aU79KFf2eUjgJbsHnH2SLFUYkQ1RcSlBRJhdgSqmQW4jTliYykHyQB2og0DfwYlDol_PyOb72tdx5fja4HksoO1tJM5uv0yd-cr1aoSAmjYs0X7T_dCft9nsC5_G5Jv4D30fOTt3gQAJ-IaXkqpYVFfCdHaV8_XHkpSVtQTMSd14FeXrDtYgWUkRw6Sw1MbGgR-sZtjirwb35sse0qsL4GD2Icg8fiXWm1epmEtQCIpH3gTuRRlkMe4ZUHUMaNGrN5d8xh7ZwZdV2SSEpXXmOP697m4NDgorQu0Xf5-k_sRzvKD7CE7iMMAtkKkjBA6WA3ZnH5hSRAc5UHfazOMwBiI6kS4dryvPAHGMMhh3cjrz5yRUPsHul6grSfJj2QI335yNVIZ-rq7WdmGYaj_jV4bS6MBr-YH1lQTjLRgxW8GPmBSEIcZM3t4svvoMspaAMx4YWUxqS7szVmbp80uSQ_98VmUNegZ4DwYBKZy6ZkA6cWaVwhL2RBICR8nQJW_q9hJbHt13qErUDq6eIALJ4HymlfaU385W17jL_iXCzqcjIoDhbbvDWI7-rutb6tXflc79X_Wqc3W2rmbcW0TUe5djs2gW5WVp438Z2Ea7ubca-Nzhw7n4RhpzALs6zMrbhIhZ586mjnORS92oCpWZblSOlbeWzN5ZpFt51Hlkc7_oWw8kHbSneUm09rrwnsIrjs5k59TVKpA2UfunXljXf4Go4XSKvy8AZxMZuU_7jbHrjauHTTkRjtv2d5qiNy4J9qdAXwDvgGKr5MHh-ZQs3JGW8ARh2PwdcCtasOmIBrvNRK4ftbNER3ThrQECwjiwQtifWKcz3ccCaj8G5VPgKGlBEQNdJLkkqR6hKnSoOpfBSkCInrYzoEwTHm8kJgRRMmR8N9ziePe7EF0CbrRQMQAQId0ZLlG6Zzut055TLMskUsZA3IY4H5UGzPaBlrHYLKI-5w76vwVZRBhKMgGN1Js8M8ywOPFzG2wwFusPxOZgrORS7WSeg7Cr5h0MzhA3imFE_Z29iLzmfI-eHqg&cid=CAASJ-Ro1YdurFjZbeg31nYEQ1KP5gxSBLRE4-169CLChc5yK-EHBHkswA&rfl=2%2Chttps%253A%252F%252Fthreatpost.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
229
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 06 Apr 2022 08:49:26 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220317/r20110914/ Frame 1738 		25 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220317/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AjeQJNaRiR8LZBWZ1BNlWzxwEzsrjIi19CGdKdRdCctONUPOWOKCPofIWWc9-pJFAgBe8NQTQNOGrVdKhzienDU2DTyw&cry=1&dbm_d=AKAmf-CIacHD8MLGf2GhUFyD97t2y07CJ_PsdbueW2AbOLgAdoZgIWRH_nq2I5EuMLuafnJ1lfv6mZVjKzVlNfKtzGRSnW8PQ6aC5yd6_7jTY9QyCNbLpTvXC5Nw5nTwHmALdz8hDZa4KN0ajS27hVgp230k_eNNSLW3xwD9AjEe_hPiNZ9A-JnAPm64nof904aUrg7NSwdjZH3yBkXBLQDdzZRtmGlRuyFdxt-4YVUNjA7AvTd4BRURK8zUE-IMg7rPDXCe3P6cEJA3H8siYmYmChezh-8tq2XDjVxxXZDDqR8KDMEkqIuiE956zC24nvZM_wI0iTEdEPxVQj99OSXjfl_5aZmkZQ5NGY11CE9TPM7zr-96LdFbHPgJkI6gxEXgFAp5QW4PNOWFU9jSEvwv-_yl6oT_z3saVR8DBYYZxVPkX0PeUgkwZ4GDz3ZTlJ9CZyMhRdMjtmFq2a3J_A7p5C6F2fn-TnaaIJKAcnlR3-Imx3xY-rjqA6BpN1dwP7FpGTiWlJmKO5VAgE37d_QMkJbAUTBWuO80zBhubSHcIrj8L8ZBXAIGUeomPOL11KNMErW8kAQ3vWuu_mmiWxedQ-E3-ng5hEmCkcEX5LwPWaRQ9PGuc4IeZTzgvRYTTkDzgaaCZ_bHyhmkovwVT1FdDcuc9XKXT8oDglNPViuL7pL8se5TT2IpmsLKMI-YDs1VVXktKp32FW2wjCbVtmx_v1FTfQ7PeRfp8WxhxHIZHTVov_L3AJSURC2NOcvJ2qqxUlt_ovUEW5cTTQ0isXuYOsvCvkekJj-rIIB78HKVdAECITgBZP1KvwD7CYJeiLPTTYkof-d9-U3b9vXBwXsS1_jyXvajJVleiFwgIEusg4V8XkbSSiZ33GyiqMnIdggNwOKkJImmm0FmRuw6HEljr_BS3xmkhQM0BT5jtkXJkOClR-zQmqCBaHlIxobSedatg7MOMmz304Mu4LTQR3x97Kf6xGLL9yn-LbNZd0aNG4KZQJjjS3GOXFn2ZDdtXC0G7YjCJtNJ9fstaPxcOP8d5LdO6di36GHGsuk-NrWWv1OmtVP-QidNY0TWEec2Gs7W2pkOhMcvN2szAqx12iHBovCegyYQ33A2pbZfdOT9hcsBr9rWVmjC34JwcLEj9uJLbbO-50dx3S3FZdNlx0gfFcnAfgC-zFkxUX-ZQ1HXTsWz9HKJoAp5yHK9ZCFZ2-P9pevCqDMRPprMzA9SUN9K_CgEy4SfydiPU_KBUXFmGqWDPLdbuWNZbaiRQA4-dFq0E_7ilxNvQASTV5HsjA02RWHjYhVUAUALeBtRADRTeXtt-gCgALg2XCIRQaVXDzIWhaEvoJgGMXdDWonOK1vAIg0fvHZZ-YImfzMF4_tVaa6u7burEFWLytskiUjm0mX1BYj-eLEhrpV8xng3Y_AX1GzZDROE-hvx7tKuf356Q80SvgW7cX-kELq6I4n-qVCkARhRTEAZgP77NCckpzXa3WJVOU9J3-uLTMGTrf5Ai0F8vkLiwSTi-ao37-Vp7qYKy-SpZd3mLcnGOP7FTcEHBxG8wVIKUn8LI7RyFC6wIbfTeLsqj8lODJQcck_9t5K6MBCEt6ryhWR87HVXgcBTnvIdGfpPaAJsl8O7SvqzEdYdIBNNZpilJ5bYk1glRrJ1vrq3swTAQhtmtxNRfTrYaWG6-XNkCr1vhte4hnzYWa0tib4wGDZ_w647kd5MZBeHoMziddm_yw6m95asg1SbJBcVxBGcU6Uas5AMeXtTxPIGPVpNZqQjKjb8iIrUyJ1C-iq9JdzpHHMCnoh5oWvqDhKwIGJlC36xWp896pNkzwaPbBbka7SS0foLCWMPvIIQWNHqbCTSZWKP-i2LUwWdkF8dxe9fwvidvpb29-iWoTBCZctXzpWghAySXmtl9KWFg0zX_kc3AM9ivKoa5luYEYuXjSbv0TV3OzAyfWOMGTC0QHQU51CAx303Sugyaz0sevZmxZL3DbGODNolqAfWXS35YgxOBg6Rus8-nnhP-ucEulnCvHEAMERdH86gDTH9aV5dPVOeya_aU79KFf2eUjgJbsHnH2SLFUYkQ1RcSlBRJhdgSqmQW4jTliYykHyQB2og0DfwYlDol_PyOb72tdx5fja4HksoO1tJM5uv0yd-cr1aoSAmjYs0X7T_dCft9nsC5_G5Jv4D30fOTt3gQAJ-IaXkqpYVFfCdHaV8_XHkpSVtQTMSd14FeXrDtYgWUkRw6Sw1MbGgR-sZtjirwb35sse0qsL4GD2Icg8fiXWm1epmEtQCIpH3gTuRRlkMe4ZUHUMaNGrN5d8xh7ZwZdV2SSEpXXmOP697m4NDgorQu0Xf5-k_sRzvKD7CE7iMMAtkKkjBA6WA3ZnH5hSRAc5UHfazOMwBiI6kS4dryvPAHGMMhh3cjrz5yRUPsHul6grSfJj2QI335yNVIZ-rq7WdmGYaj_jV4bS6MBr-YH1lQTjLRgxW8GPmBSEIcZM3t4svvoMspaAMx4YWUxqS7szVmbp80uSQ_98VmUNegZ4DwYBKZy6ZkA6cWaVwhL2RBICR8nQJW_q9hJbHt13qErUDq6eIALJ4HymlfaU385W17jL_iXCzqcjIoDhbbvDWI7-rutb6tXflc79X_Wqc3W2rmbcW0TUe5djs2gW5WVp438Z2Ea7ubca-Nzhw7n4RhpzALs6zMrbhIhZ586mjnORS92oCpWZblSOlbeWzN5ZpFt51Hlkc7_oWw8kHbSneUm09rrwnsIrjs5k59TVKpA2UfunXljXf4Go4XSKvy8AZxMZuU_7jbHrjauHTTkRjtv2d5qiNy4J9qdAXwDvgGKr5MHh-ZQs3JGW8ARh2PwdcCtasOmIBrvNRK4ftbNER3ThrQECwjiwQtifWKcz3ccCaj8G5VPgKGlBEQNdJLkkqR6hKnSoOpfBSkCInrYzoEwTHm8kJgRRMmR8N9ziePe7EF0CbrRQMQAQId0ZLlG6Zzut055TLMskUsZA3IY4H5UGzPaBlrHYLKI-5w76vwVZRBhKMgGN1Js8M8ywOPFzG2wwFusPxOZgrORS7WSeg7Cr5h0MzhA3imFE_Z29iLzmfI-eHqg&cid=CAASJ-Ro1YdurFjZbeg31nYEQ1KP5gxSBLRE4-169CLChc5yK-EHBHkswA&rfl=2%2Chttps%253A%252F%252Fthreatpost.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:49:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
236
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9657
x-xss-protection
0
server
cafe
etag
16576748017229546422
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 06 Apr 2022 08:49:19 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 2507 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Tue, 22 Mar 2022 08:46:21 GMT
expires
Wed, 22 Mar 2023 08:46:21 GMT
cache-control
public, max-age=31536000
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
content-type
text/html
age
86814
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 761F 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
78ccdfc7ae4727d5852f06d0e2c21439af3b35259531b51f6bd649556b44ce7c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
index.html
s0.2mdn.net/sadbundle/17744649143931551434/ Frame 74C0 		118 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/17744649143931551434/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6e3b5e7774c307c8a6b26e5597f84c8a2f7e8554a703de15af4868e1e526002f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
date
Thu, 17 Mar 2022 16:59:31 GMT
expires
Fri, 17 Mar 2023 16:59:31 GMT
cache-control
public, max-age=31536000
last-modified
Thu, 17 Mar 2022 16:56:17 GMT
content-type
text/html
content-length
22975
age
489224
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 1738 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: 1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
URL: https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 08:46:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
86816
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Mar 2023 08:46:19 GMT
ic5.php
data00.adlooxtracking.com/ads/ Frame 761F 		1 B
486 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://data00.adlooxtracking.com/ads/ic5.php?d1=%7B%22tag_hash%22%3A%22platform%3D2%26scriptname%3Dadl_44%26tagid%3D162%26typejs%3Dtvaf%26fwtype%3D1%26creatype%3D2%26targetelt%3D%26custom1area%3D50%26custom1sec%3D1%26custom2area%3D0%26custom2sec%3D0%22%7D&adloox_io=1&client=1000mercis&campagne=44&banniere=0&visite_id=69193843338&seq=0&timezone=0&js=tfav_adl_44.js&date_regen=2021-12-14%2010%3A16%3A37&plat=2&tagid=162&fw=1&version=1&type_crea=2&sl=%22sm%22%3A%22browser%22&id1=1&id2=16256653614&id3=407154832&id4=26781168&id5=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&id6=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&id11=display&id20=614b730&p_d=0.222&d5=1500&usp=&d3=1600x1200&d6=found-wabbit&d7=0&appname=Netscape&fai=frame%20without%20title&iframe=1&fake=010000&resolution=1600x1200&nav_lang=en-US&debug=6%3A%20top%20%21%3D%20window%20-%3E%20GLOBAL.document.referrer%20https%3A%2F%2F1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&url_referrer=https%3A%2F%2Fthreatpost.com%2F&ao=https%3A%2F%2Fthreatpost.com&nb_cpu=4&data=522662463ftttttttffffffttttftffffffffttttf&activetab=1
Requested by
Host: j.adlooxtracking.com
URL: https://j.adlooxtracking.com/ads/js/tfav_adl_44.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.31.249 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
249.31.241.35.bc.googleusercontent.com
Software
nginx/1.19.8 / PHP/7.4.28
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:15 GMT
content-encoding
gzip
access-control-allow-origin
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
x-powered-by
PHP/7.4.28
route
ads-prod-7898dcb597-sdksq
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pragma
no-cache
server
nginx/1.19.8
vary
Accept-Encoding
accept-ch-lifetime
86400
content-type
text/plain; charset=utf-8
via
1.1 google
cache-control
no-cache, no-store, must-revalidate
accept-ch
UA-Arch, UA-Model, UA-Platform, UA-Platform-Version, UA-Mobile, UA, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Platform, Arch, Model, Mobile
timing-allow-origin
*
expires
0
css
fonts.googleapis.com/ Frame 74C0 		6 KB
665 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:500,700,regular
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17744649143931551434/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cf624cca88c1828e4dc1a61151d2ce6e826191ba2223f4cf4cdacc1d8a52981b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 23 Mar 2022 07:56:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 23 Mar 2022 08:53:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 23 Mar 2022 08:53:15 GMT
DcmEnabler_01_248.js
s0.2mdn.net/879366/ Frame 74C0 		31 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/DcmEnabler_01_248.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17744649143931551434/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a37afa4795c0cede82ad0f73f60eafee5e13f6fb3d42a739354d9280966fe434
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17744649143931551434/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:33:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
55207
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11026
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:45:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 23 Mar 2022 17:33:08 GMT
J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
pagead2.googlesyndication.com/bg/ Frame 2507 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27fab14198ee501fee429ec1be7048d0af1ae5ee2b24a7478729118914c2c726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:38:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
902
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13888
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 23 Mar 2023 08:38:13 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 0452 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Tue, 22 Mar 2022 08:46:21 GMT
expires
Wed, 22 Mar 2023 08:46:21 GMT
cache-control
public, max-age=31536000
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
content-type
text/html
age
86814
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
pagead2.googlesyndication.com/bg/ Frame 0452 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27fab14198ee501fee429ec1be7048d0af1ae5ee2b24a7478729118914c2c726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:38:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
902
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13888
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 23 Mar 2023 08:38:13 GMT
Logiciel-Europeen-DE.png
s0.2mdn.net/sadbundle/17744649143931551434/ Frame 74C0 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17744649143931551434/Logiciel-Europeen-DE.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
821d9142322d8a997086caa9741b768839d0d7c53f92e15929d611b94aa6f4ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17744649143931551434/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 17 Mar 2022 16:59:32 GMT
x-content-type-options
nosniff
age
489223
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5403
x-xss-protection
0
last-modified
Thu, 17 Mar 2022 16:56:17 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Mar 2023 16:59:32 GMT
Bitdefender-Logo-BW-web_b4fb7724-9c4d-47a3-be31-8feb53301b28_copy-01.svg
s0.2mdn.net/sadbundle/17744649143931551434/ Frame 74C0 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17744649143931551434/Bitdefender-Logo-BW-web_b4fb7724-9c4d-47a3-be31-8feb53301b28_copy-01.svg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e951b97967974edc90373c03310475fdccaa7dc588c26a1cef531468ee65ba8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17744649143931551434/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 17 Mar 2022 16:59:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
489223
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1872
x-xss-protection
0
last-modified
Thu, 17 Mar 2022 16:56:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Mar 2023 16:59:32 GMT
TS-Online-EN.png
s0.2mdn.net/sadbundle/17744649143931551434/ Frame 74C0 		628 KB
629 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17744649143931551434/TS-Online-EN.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1459a4c2d036e9bf1a897002f1e18a3b502c9661bacd06e616bd08d422058dd9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17744649143931551434/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 17 Mar 2022 16:59:32 GMT
x-content-type-options
nosniff
age
489223
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
643563
x-xss-protection
0
last-modified
Thu, 17 Mar 2022 16:56:17 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Mar 2023 16:59:32 GMT
bd_Ukraine_336x280_filter.jpg
s0.2mdn.net/sadbundle/17744649143931551434/ Frame 74C0 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17744649143931551434/bd_Ukraine_336x280_filter.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
98abe3e9a44213d55d9e1e7efd70a300e2962d60d0f7b275680a69649a12173e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17744649143931551434/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 17 Mar 2022 16:59:32 GMT
x-content-type-options
nosniff
age
489223
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12267
x-xss-protection
0
last-modified
Thu, 17 Mar 2022 16:56:17 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Mar 2023 16:59:32 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2507 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bgfrb-N86Yt-dLNmzgAedgpzADwAAAAA4AeAEAg&bg=!19Sl1JDNAAba2mK92to7ACkAdvg8WmsjmoaTdkZzxd3EvIGB_FqoIRonqsNbxOgH2rWgr1tI8FxPngIAAAC3UgAAAAloAQeZAyrKFMgIt6fj5gLOiIc2G1l-tMGrvYpMHaJ_sftt6Re6C3l9ol_0jfHMCTYTvUWPoy7vV9r7PEMFVk3TY5Yh29M4ofN0PiRpXbha_UQwzvzuHjPRR6qQnw-3e-1rXSIfsBFErPFBz3T4MY06iZQKxVVNs0Li69CZ0RUEWALUmS0JhdX47s7sEjI0IwF3XYjiwnSEIEHROI5Yuq4eC1UrXmU2ErN3dxGuy5kZWz52c_OT2elKjItycVgjYY1kwTULYOFNuGeY04zm4L5kcSJx8A59FTXlq80LmKlXVu4VBdhbzz2e1kyN6SqBnOHwb2doELdlq7932UN5hFOfskKB3_pxeXT8oN1LY8NjrGlITvN1ngXvf-eh1AMuCBxhJiajeGRdplCdiTzk3cWBtYk7zD5vB57T1HlYYAy0ZysAZZmxGI6LxlNMAH4lRfj4OlA4wJTLkbXQd8hhlKjq-O_IeiVUut9Mzyfn_wr3RMt3SeWCT45k7UuhhbrlKrJe80-s_YKKLZy_m4j36T4EdobXpEudQ_bJ0eIAhPG5QTKF9g_jUDR_K3RxWaTy1Mcwc5hiCvd4jqWjZCUH69XW_WbWFT4MoY1iGYAxI-olAXRgKfki0BWNbp_IOqX__s8bxJvFLGzAW2EJrLDzoSqTKpQxbVssISaKdsf4v1oL-pTdnoF6w1kni7nkavCUkTx35OjonRrGl73aiWnxUaaLKAPRr7H3m7-kSNuXwNhN153DSCJZkzy7Xdl4Vj1uvX-xfD4YWpsUIc0xKfSlJSWLHq6VW5Fr9ZLkNtRgk4wfUfUidYAoU8Iu8nlDxsHZXC8G3cTCL9_EmPtg0kB0RNkqyGofXOmVAPkwy-KsfJVM_l23fMVwnIQZRRUHL8KZ72gOonO7umkWY4pLjIoickNyjY7jyb6oKEtcw2TOzOTPb7zWD_Do04ddZ0tci2YmcFD5ixnJD3aOM_zPMawtAWBZQHTnQdm5_tanvN1Bd6XlOJeBik4f0UlKoFEvnd_XhXEPlOj6zoOfjm5jzByz1tYDpYvH-82ek8Do78zqfodZa4HzmW4dN7XduyUrMUYODOo
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://threatpost.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
access-control-allow-origin
https://threatpost.com
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1435
date
Wed, 23 Mar 2022 08:53:14 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
sid
mug.criteo.com/ Frame C654
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=AhWX0Xw2R21WalRGM0lxT3JCVmpPM2pGelpoQWFLNGRsdmt5UzhwY0dDaFpCbzFjZGxHTzV5UFBDODI1Szdna20xQ0RUNDNZNTdnWklXbGUvcERJQWt3d3dBZWdRNkYvUFBVdnh0QWRScTR3VFc1WEVURjZnTlZMTDhJWF...
347 B
618 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=AhWX0Xw2R21WalRGM0lxT3JCVmpPM2pGelpoQWFLNGRsdmt5UzhwY0dDaFpCbzFjZGxHTzV5UFBDODI1Szdna20xQ0RUNDNZNTdnWklXbGUvcERJQWt3d3dBZWdRNkYvUFBVdnh0QWRScTR3VFc1WEVURjZnTlZMTDhJWFgzMldXUlBXa3J4MFlpOWdCVG4rRGE4V2xVZmN4TGJsKzd6VmwxdFlET1EwRkxjOWtOUC9iZ3BTdUdSaW5xQXdpc1Zlb2JqUVdPTkxhUVZYQ2FOQXcyelJsaE5OcmNOTFM4b3h0ME9hVlU5cWdydTF1QUxnPXw&cppv=2
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
95cb66d2491b693be207cbde51eca93eaf58724f450ca3b5d0f7175eb695ff0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2740
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:14 GMT
location
https://mug.criteo.com/sid?cpp=AhWX0Xw2R21WalRGM0lxT3JCVmpPM2pGelpoQWFLNGRsdmt5UzhwY0dDaFpCbzFjZGxHTzV5UFBDODI1Szdna20xQ0RUNDNZNTdnWklXbGUvcERJQWt3d3dBZWdRNkYvUFBVdnh0QWRScTR3VFc1WEVURjZnTlZMTDhJWFgzMldXUlBXa3J4MFlpOWdCVG4rRGE4V2xVZmN4TGJsKzd6VmwxdFlET1EwRkxjOWtOUC9iZ3BTdUdSaW5xQXdpc1Zlb2JqUVdPTkxhUVZYQ2FOQXcyelJsaE5OcmNOTFM4b3h0ME9hVlU5cWdydTF1QUxnPXw&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1697
content-length
482
expires
0
ixmatch.html
js-sec.indexww.com/um/ Frame DCD2 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Server
Apache
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Accept-Ranges
bytes
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1388
Date
Wed, 23 Mar 2022 08:53:15 GMT
Connection
keep-alive
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 83B0 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-208-200.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=106249
expires
Thu, 24 Mar 2022 14:24:04 GMT
date
Wed, 23 Mar 2022 08:53:15 GMT
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame D25E 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.218.208.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-208-187.deploy.static.akamaitechnologies.com
Software
nginx/1.13.10 /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
"5fc7ff8f-cf34"
Server
nginx/1.13.10
Access-Control-Allow-Origin
*
Content-Type
text/html
Content-Encoding
gzip
Content-Length
17053
Cache-Control
max-age=86402
Expires
Thu, 24 Mar 2022 08:53:17 GMT
Date
Wed, 23 Mar 2022 08:53:15 GMT
Connection
keep-alive
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame CED6 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.218.208.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-208-187.deploy.static.akamaitechnologies.com
Software
nginx/1.13.10 /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
"5fc7ff8f-cf34"
Server
nginx/1.13.10
Access-Control-Allow-Origin
*
Content-Type
text/html
Content-Encoding
gzip
Content-Length
17053
Cache-Control
max-age=86402
Expires
Thu, 24 Mar 2022 08:53:17 GMT
Date
Wed, 23 Mar 2022 08:53:15 GMT
Connection
keep-alive
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame ECED 		668 B
720 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
b82939ffc1abe715c87c6b2dfe5f8f9864120c85984e1b953cd1863d140379f4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/17.2.1
p3p
CP="CUR ADM OUR NOR STA NID"
date
Wed, 23 Mar 2022 08:53:15 GMT
content-type
text/html
content-length
419
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pd
u.openx.net/w/1.0/ Frame C136 		668 B
732 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
b82939ffc1abe715c87c6b2dfe5f8f9864120c85984e1b953cd1863d140379f4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/17.2.1
p3p
CP="CUR ADM OUR NOR STA NID"
date
Wed, 23 Mar 2022 08:53:15 GMT
content-type
text/html
content-length
419
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ixmatch.html
js-sec.indexww.com/um/ Frame FE2D 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Server
Apache
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Accept-Ranges
bytes
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1388
Date
Wed, 23 Mar 2022 08:53:15 GMT
Connection
keep-alive
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6F7F 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-208-200.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=106249
expires
Thu, 24 Mar 2022 14:24:04 GMT
date
Wed, 23 Mar 2022 08:53:15 GMT
vary
Accept-Encoding
sync
ups.analytics.yahoo.com/ups/55986/ Frame C654
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=
  • https://pixel.advertising.com/ups/55986/sync?uid=Yjrf9wAAAGHUlwP7&_origin=0&gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=Yjrf9wAAAGHUlwP7&_origin=0&gdpr=0&gdpr_consent=&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=Yjrf9wAAAGHUlwP7&_origin=0&gdpr=0&gdpr_consent=&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c&verify=true
0
122 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55986/sync?uid=Yjrf9wAAAGHUlwP7&_origin=0&gdpr=0&gdpr_consent=&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c&verify=true
Protocol
H2
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:15 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/55986/sync?uid=Yjrf9wAAAGHUlwP7&_origin=0&gdpr=0&gdpr_consent=&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c&verify=true
date
Wed, 23 Mar 2022 08:53:15 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
ups.analytics.yahoo.com/ups/55953/ Frame C654
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=962dd896-ae01-413a-80d7-db66f5020af3&_origin=1&gdpr=1&gdpr_consent=
0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55953/sync?uid=962dd896-ae01-413a-80d7-db66f5020af3&_origin=1&gdpr=1&gdpr_consent=
Protocol
H2
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:15 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ups.analytics.yahoo.com/ups/55953/sync?uid=962dd896-ae01-413a-80d7-db66f5020af3&_origin=1&gdpr=1&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
267
sync
ups.analytics.yahoo.com/ups/57304/ Frame C654
Redirect Chain
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c&verify=true
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVBhZDkyNzljOS1hYTg2LTExZWMtYTA5ZS0wMjAzOTBkZWZlMGM%3D
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEO3lDx1sjjueI0kH9C49o6E&google_cver=1
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEO3lDx1sjjueI0kH9C49o6E&google_cver=1&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c
0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEO3lDx1sjjueI0kH9C49o6E&google_cver=1&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c
Protocol
H2
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:15 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEO3lDx1sjjueI0kH9C49o6E&google_cver=1&apid=UPad9279c9-aa86-11ec-a09e-020390defe0c
date
Wed, 23 Mar 2022 08:53:15 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
gen_204
pagead2.googlesyndication.com/pagead/ Frame 0452 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B9B1A-t86Yu7ZMqStlQfUoJGoDAAAAAA4AeAEAg&bg=!KyilKGzNAAba2mK92to7ACkAdvg8WsnaWtQ8dWyNaduJgapXK_j12UxQDhkG4z48h2_dj5VD45i2zgIAAACaUgAAAAhoAQeZA2YjawujXEY4dj-zIXPmsZz0qT4opCY654zEQnrH9AM0CrScjHSTwtj5jEkWkMiVMK0S9UvVTxZEHiQAQWPgBS3iwK0DeXpuHbXadl2l2ZGzQZcCzjPSdf0-gSVIOmJXYWcp-8gnUt8Dol6iUZt3V0s8jJmxuNor-yWUG8WEghRt2CuAv6NLH092ZzB4vHcFBEWgiBLT6ZuOJfRZm7Wu33-CYrQYV5qXOW1jJ1yNe5I1-h7pDKBCgKlltApWbmHqdcBpdzoceHOp-T8_Yf8L1iEE-UJc8FRLfunasscw24k_LV9mT9189gFc5szwl-fV2KXMY-cc7R7MI5WhXt-Smwwlq2I6IWUGU5qvJ1cbpLCC4RYQ5RL7w60YvI9Cc5G80SYxDmCpKiVfsHm9n4dZeBv7mcCvOsY9Hmmb0dqeAHJaQVIGY24sZUO8-uPn_SfFYlE28IwEXHAc3hsE3FCmlg9hz2fOwY3PuwiRIVY_EuZhqmo6vGEgDG8kegQU7Hvu5OPzBcDkzF4jqnksP2dx5B28V-ucXziuQI1mePvkyvujnAikypEVtblbOnQXlpYczEdBDUcFWt65xAxSZjKQdP9eUAGv9JMGzLnKriJucZ9eMYs0ez0rd5ihD324Nlpb0LhSO0boZlQUrbeqCNRGoutUQQg-x3n-59ihwxFN-Chlvy1bo1sUatWpJQTgUm-5kxlPB_av2a40En_mOVZb58UGiOMur-xgnnZq9TfNMtXO7LGjHJ5VfAgN_B8RyEDY5MAXw9GwpJHb4Eq8qhtClZd-bBwGrf__NDPaf9mQQOPludHp0bKgQH2fRrpPwhnAhD_xOYwgr1M16T-PQKAPTY4l-WGWLoT6FeDCpmCd4WzLK8Q5R0F0ywVNOMoKzHH30ZAaMN2ENhl81Fec1Bly4xPbNp043qICnN4sZ7K6qcp0oOclrDoNw5VtA24v5yKTV7B1K8gJ75gelOJj9bySLX5yGKieu_WfkHjWofP-XDCVGt2f25vxiDB64iU9xzaVMrsw_rmBl9xhdtv_Lwq8oDwLFzjShQzsr2e1Bx-6GDm46YlQq4Dzf-5LexzPD7XtVx0jnlpUpNAV9bx3k-g_w8UI9T-o1oS6d-yQ0KkvYpI7c-zkGO4aQ5gZk-uBvmeKdLmzxF_E_40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame C136
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=22ff623a-dffb-4200-a1c0-54dbc297aa72
43 B
114 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=22ff623a-dffb-4200-a1c0-54dbc297aa72
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Wed, 23 Mar 2022 08:53:15 GMT
Server
MT3 4281 354de82 master zrh-pixel-x30 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=22ff623a-dffb-4200-a1c0-54dbc297aa72
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 23 Mar 2022 08:53:14 GMT
sd
us-u.openx.net/w/1.0/ Frame C136
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=J2_w8HU7pak8a_uhcmnu9CQ_pag8Pvb3JWzm-XEC
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=J2_w8HU7pak8a_uhcmnu9CQ_pag8Pvb3JWzm-XEC
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=J2_w8HU7pak8a_uhcmnu9CQ_pag8Pvb3JWzm-XEC
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame C136
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1869514360088373970
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1869514360088373970
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1869514360088373970
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame C136 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=d4354702-a28e-7420-c4da-3e58d28fa679&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame C136 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Zjg1YTk0YzgtNmJmOS0yYTg0LWQxM2EtNjRlMTE4NmQ2ODE5
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame C136
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELVWe0ik0I-fTvPbfIaPOE0&google_cver=1
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELVWe0ik0I-fTvPbfIaPOE0&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELVWe0ik0I-fTvPbfIaPOE0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame ECED
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=ed87623a-dffb-4100-90e0-bb28ed7073f6
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=ed87623a-dffb-4100-90e0-bb28ed7073f6
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Wed, 23 Mar 2022 08:53:15 GMT
Server
MT3 4281 354de82 master zrh-pixel-x25 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=ed87623a-dffb-4100-90e0-bb28ed7073f6
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 23 Mar 2022 08:53:14 GMT
sd
us-u.openx.net/w/1.0/ Frame ECED
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=J2_w8HU7pak8a_uhcmnu9CQ_pag8Pvb3JWzm-XEC
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=J2_w8HU7pak8a_uhcmnu9CQ_pag8Pvb3JWzm-XEC
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=J2_w8HU7pak8a_uhcmnu9CQ_pag8Pvb3JWzm-XEC
pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame ECED
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1686885154496756674
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1686885154496756674
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1686885154496756674
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame ECED 		70 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=d4354702-a28e-7420-c4da-3e58d28fa679&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame ECED 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Zjg1YTk0YzgtNmJmOS0yYTg0LWQxM2EtNjRlMTE4NmQ2ODE5
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame ECED
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELVWe0ik0I-fTvPbfIaPOE0&google_cver=1
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELVWe0ik0I-fTvPbfIaPOE0&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELVWe0ik0I-fTvPbfIaPOE0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame D25E 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:15 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
17aa5cbe-534d-47f7-8ad9-0768d8e91090
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=AhWX0Xw2R21WalRGM0lxT3JCVmpPM2pGelpoQWFLNGRsdmt5UzhwY0dDaFpCbzFjZGxHTzV5UFBDODI1Szdna20xQ0RUNDNZNTdnWklXbGUvcERJQWt3d3dBZWdRNkYvUFBVdnh0QWRScTR3VFc1WEVURjZnTlZMTDhJWFgzMldXUlBXa3J4MFlpOWdCVG4rRGE4V2xVZmN4TGJsKzd6VmwxdFlET1EwRkxjOWtOUC9iZ3BTdUdSaW5xQXdpc1Zlb2JqUVdPTkxhUVZYQ2FOQXcyelJsaE5OcmNOTFM4b3h0ME9hVlU5cWdydTF1QUxnPXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
access-control-allow-origin
null
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1051
date
Wed, 23 Mar 2022 08:53:15 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
async_usersync
ib.adnxs.com/ Frame CED6 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:15 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
9a78d41d-4d50-4435-9147-7d1f94a3c126
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 2038 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstJ_t72yu85YvvAUXck3_IiBOZxAxB0FmEIZuTY_OrVHm47nAcmGR02NuKCnB7i1FahhzQIEKsBeyVSf6dw6CxE8ZCpBAGE3PRYoZHfdjZO-GYyPIQ&sai=AMfl-YRhxSOrSpL8gRno1vGN5fyo0oCfcJQilWFXEtlyp4-Yifh7vttt8zPlrFLD2m2v4tjrWLo6_nJRD8RWJOaiSrWwcQdpl9QUpoHBJAgLac9rf2SSIB-cG_ecC1_izRc&sig=Cg0ArKJSzIlt3lK_O4S4EAE&id=ampim&o=1082,416&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=1773&tls=2774&g=100&h=100&tt=2774&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=1414505084
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 49AC 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst6YLBihonzEsAdlnVYwX7tspEQ6sE23JGWb0l1n_-7LpBL9S_G4kczaW1z1Q2qsOJL7F5JFlMWGCiBojLArRBLxuOqyXjCkBOmqbFTKt8PxH-zpbs&sai=AMfl-YSKyguya64zexe09CFYVK3p_7up6ZNR8ojj2GDsluwdExLhy8KSWAoYkTFPeu7NLJwTCq4BHv-dgX4v_1-c5Eki28SXlrbxHZpqVjgDd4gNUruMqO_iD-DV9-lp1HU&sig=Cg0ArKJSzMLD0LMl98kUEAE&cid=CAASJ-Ro0mhWEB6pSw80lVD2TCj5eVK9S6RTNB0b7oNE7d8GHNi0BkdrsA&id=ampim&o=315,8&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,0,1001,1001&tos=0,0,0,1001,0&tfs=1983&tls=2984&g=100&h=100&tt=2984&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=4166723991
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
abt
capi-tier-1-us-east-2.connatix.com/tr/ Frame 897B 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/abt?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.60.0 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-60-0.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Wed, 23 Mar 2022 08:53:15 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
async_usersync
ib.adnxs.com/ Frame D25E 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:16 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
35614d19-f13c-4d69-8f05-b72872d6762c
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame CED6 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:16 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
b0ce1a8a-a566-48c1-ae56-1132acbd2d81
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
2000891.html
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame 83E6
Redirect Chain
  • https://sync.serverbid.com/ss/2000891.html
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
5 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Date
Wed, 23 Mar 2022 08:53:17 GMT
Connection
Keep-Alive
Cache-Control
max-age=11743
Content-Length
4947
Content-Type
text/html
Last-Modified
Wed, 20 Nov 2019 20:29:05 GMT
Accept-Ranges
bytes
etag
"1b0ebac83fe30af80513039edbdf566f"
x-amz-request-id
tx00000000000000adf71bd-006239bc5c-14d1c90f-nyc3a
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
0
x-rgw-object-type
Normal
Vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW
1648025597.dop120.fr8.t,1648025597.cds261.fr8.shn,1648025597.dop120.fr8.t,1648025597.cds227.fr8.c

Redirect headers

content-length
0
location
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
cache-control
no-cache
ixmatch.html
js-sec.indexww.com/um/ Frame 5F78 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Server
Apache
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Accept-Ranges
bytes
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1388
Date
Wed, 23 Mar 2022 08:53:17 GMT
Connection
keep-alive
beacon
ap.lijit.com/ Frame 2C48 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13394437
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Date
Wed, 23 Mar 2022 08:53:17 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
X-Sovrn-Pod
ad_ap3ams1
sync
eb2.3lift.com/ Frame 11C2
Redirect Chain
  • https://eb2.3lift.com/sync?
  • https://eb2.3lift.com/sync?&ld=1
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?&ld=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
d1f38be7ca89984280dc50b1f11908e986924b20229a486071f7d225562e3e35

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

date
Wed, 23 Mar 2022 08:53:17 GMT
content-type
text/html; charset=utf-8
content-length
461
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

date
Wed, 23 Mar 2022 08:53:17 GMT
content-length
0
location
/sync?&ld=1
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 05E0 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-208-200.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=106247
expires
Thu, 24 Mar 2022 14:24:04 GMT
date
Wed, 23 Mar 2022 08:53:17 GMT
vary
Accept-Encoding
sync.html
public.servenobid.com/ Frame 23C2 		8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://public.servenobid.com/sync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:29::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

cache-control
max-age=86400
content-type
text/html
content-encoding
br
last-modified
Tue, 15 Mar 2022 23:39:48 GMT
accept-ranges
bytes
etag
"866b66bb3ccc5c8de41913672c69b8f7"
x-cache
TCP_HIT
server
AmazonS3
x-amz-id-2
UtpqhVAz3JDqJqJdVZ0TlLI0Rl6IeVUq0zvEGlPeD/sZyP7I49zI9oPiZ7EsngBXnGVQTXzQ8xo=
x-amz-request-id
6N7D04EPJ2N3J1FE
x-amz-meta-codebuild-content-sha256
1bd3623b950dcf081744ebf0150c6ff72edcc5cbd4a3ea8293d7f9c29b2e9c0b
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:a4519585-d31b-4588-8499-6641ec459b43
x-amz-meta-codebuild-content-md5
d97b029b026ab1b5da9f71fc8f6cf19a
x-azure-ref
0/t86YgAAAABopkxFoet6SYnSFtBrctXgTE9OMjFFREdFMDEwOAA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
date
Wed, 23 Mar 2022 08:53:17 GMT
async_usersync.html
acdn.adnxs.com/dmp/ Frame AB8B 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.218.208.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-208-187.deploy.static.akamaitechnologies.com
Software
nginx/1.13.10 /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
"5fc7ff8f-cf34"
Server
nginx/1.13.10
Access-Control-Allow-Origin
*
Content-Type
text/html
Content-Encoding
gzip
Content-Length
17053
Cache-Control
max-age=86402
Expires
Thu, 24 Mar 2022 08:53:19 GMT
Date
Wed, 23 Mar 2022 08:53:17 GMT
Connection
keep-alive
Vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame C22A 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"40014-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 23 Mar 2022 08:53:17 GMT
Connection
keep-alive
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 2442 		0
35 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/17.2.1
date
Wed, 23 Mar 2022 08:53:17 GMT
content-type
text/html
content-length
20
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
async_usersync
ib.adnxs.com/ Frame AB8B 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:17 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
74aae09d-9c39-43f9-b25c-1a111410caed
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
generic
match.adsrvr.org/track/cmf/ Frame 11C2 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:17 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 11C2
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs=
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDYyMDY4NDgwNDQ1NzQ0MTAzMDcxNw%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDYyMDY4NDgwNDQ1NzQ0MTAzMDcxNw%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:17 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDYyMDY4NDgwNDQ1NzQ0MTAzMDcxNw%3D%3D
date
Wed, 23 Mar 2022 08:53:17 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
pixel
cm.g.doubleclick.net/ Frame 11C2 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:17 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 11C2
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDYyMDY4NDgwNDQ1NzQ0MTAzMDcxNw%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDYyMDY4NDgwNDQ1NzQ0MTAzMDcxNw%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:17 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDYyMDY4NDgwNDQ1NzQ0MTAzMDcxNw%3D%3D
date
Wed, 23 Mar 2022 08:53:17 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame 11C2 		0
142 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=4620684804457441030717&dbredirect=true&gdpr=1&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:17 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 4B03053807FF4193B7EE5A1F8E540A8C Ref B: VIEEDGE3308 Ref C: 2022-03-23T08:53:17Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXa3txWZFCjFIHoPd8h9Q==
xuid
eb2.3lift.com/ Frame 11C2
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/4620684804457441030717?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-bHx5G39E2oTpavaOWDoO9HYad1jvXo1pIAxDqm21kw--~A&dongle=0883
37 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-bHx5G39E2oTpavaOWDoO9HYad1jvXo1pIAxDqm21kw--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:17 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Wed, 23 Mar 2022 08:53:17 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-bHx5G39E2oTpavaOWDoO9HYad1jvXo1pIAxDqm21kw--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
sync
x.bidswitch.net/ Frame 11C2 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=triplelift&user_id=4620684804457441030717&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.185.196.75 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-185-196-75.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:18 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
c.gif
c.bing.com/ Frame 11C2 		42 B
595 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.bing.com/c.gif?xid=4620684804457441030717&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:16 GMT
etag
"8120eaf0ff3ad81:0"
last-modified
Fri, 18 Mar 2022 19:39:54 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 470CCEA875DB4DC5956F1E5CE599AC2C Ref B: FRAEDGE1207 Ref C: 2022-03-23T08:53:17Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
iu3
s.amazon-adsystem.com/ Frame 11C2
Redirect Chain
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4620684804457441030717
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4620684804457441030717&dcc=t
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4620684804457441030717&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
HTTP/1.1
Server
52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:17 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
V0ABTGZBB7903Z4R8WDV
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4620684804457441030717&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
xuid
eb2.3lift.com/ Frame 11C2
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
usync.js
eus.rubiconproject.com/ Frame C22A 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
6046941efa0656622a5f07faee34cc197eafa53b446e6114bdc7b3e9a1af7023

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:17 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=49490
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9539
Expires
Wed, 23 Mar 2022 22:38:07 GMT
ecm3
s.amazon-adsystem.com/ Frame C22A
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=ALAYrKxXQsWyIJrHcEd0tA&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ALAYrKxXQsWyIJrHcEd0tA
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ALAYrKxXQsWyIJrHcEd0tA
Protocol
HTTP/1.1
Server
52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
DSWTRXQPJGVG4N4K79EY
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ALAYrKxXQsWyIJrHcEd0tA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame C22A
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=N2I1MjA2ZTY1MDU5N2IwNzVmNjcwZTY3M2QxNDA2NjQyMmUyOTM3NQ
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=N2I1MjA2ZTY1MDU5N2IwNzVmNjcwZTY3M2QxNDA2NjQyMmUyOTM3NQ
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:17 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=N2I1MjA2ZTY1MDU5N2IwNzVmNjcwZTY3M2QxNDA2NjQyMmUyOTM3NQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
709414.gif
id.rlcdn.com/ Frame C22A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
v1
ads.yahoo.com/cms/ Frame C22A
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L13BVWZ9-1T-7EZD&sigv=1&esig=2~772d716347837d8fcc5c7bc25fc2a2c6c0fd951c
0
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L13BVWZ9-1T-7EZD&sigv=1&esig=2~772d716347837d8fcc5c7bc25fc2a2c6c0fd951c
Protocol
H2
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L13BVWZ9-1T-7EZD&sigv=1&esig=2~772d716347837d8fcc5c7bc25fc2a2c6c0fd951c
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame C22A
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=qpstN9X2QzmH26Ybk9aP8g&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=qpstN9X2QzmH26Ybk9aP8g
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=qpstN9X2QzmH26Ybk9aP8g
Protocol
HTTP/1.1
Server
52.95.125.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
QCFQA268V6SD72H3QGV0
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=qpstN9X2QzmH26Ybk9aP8g
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
setuid
px.ads.linkedin.com/ Frame C22A
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L13BVWZ9-1T-7EZD
0
142 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L13BVWZ9-1T-7EZD
Protocol
H2
Server
2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:17 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: C8BB3B38B17F474EA655E79699488C33 Ref B: VIEEDGE3308 Ref C: 2022-03-23T08:53:17Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXa3txaBYsP7wIW2ekVVQ==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L13BVWZ9-1T-7EZD
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame C22A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMpBD9GZEZHbTdlBWEd_SaU&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMpBD9GZEZHbTdlBWEd_SaU&google_cver=1
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:17 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMpBD9GZEZHbTdlBWEd_SaU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame C22A
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEzQlZXWjktMVQtN0VaRA==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEzQlZXWjktMVQtN0VaRA==
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:17 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEzQlZXWjktMVQtN0VaRA==
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
um
cs.emxdgt.com/ Frame A1E1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

content-type
text/html
date
Wed, 23 Mar 2022 08:53:17 GMT
content-length
0
usync.html
eus.rubiconproject.com/ Frame F224
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"40014-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 23 Mar 2022 08:53:18 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

server
AkamaiGHost
content-length
0
location
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
date
Wed, 23 Mar 2022 08:53:18 GMT
access-control-allow-credentials
true
access-control-allow-origin
*
uc.html
go.sonobi.com/ Frame EDC7 		43 B
573 B 		Document
General
Check archive.org
Download Go to
Full URL
https://go.sonobi.com/uc.html?pubid=e55fb5d7c2
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.148 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1.go.sonobi.com
Software
sonobi-go /
Resource Hash
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

Date
Wed, 23 Mar 2022 08:53:18 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, no-store, private
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma
no-cache
Tcn
Choice
Vary
negotiate,Accept-Encoding
X-Go-Server
go-ams-1-7-8
X-Xss-Protection
0
Content-Encoding
gzip
Server
sonobi-go
cm
gift-connect-d.openx.net/w/1.0/ Frame CBEB 		0
83 B 		Document
General
Check archive.org
Download Go to
Full URL
https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/17.2.1
date
Wed, 23 Mar 2022 08:53:18 GMT
content-type
text/html
content-length
20
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame FA59 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-208-200.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=106246
expires
Thu, 24 Mar 2022 14:24:04 GMT
date
Wed, 23 Mar 2022 08:53:18 GMT
vary
Accept-Encoding
i.gif
e.serverbid.com/udb/9969/sync/ Frame 83E6
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=7885811828844822058
0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=7885811828844822058
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Server
134.209.129.254 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
content-length
0

Redirect headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
78243618-4b96-4fae-9a06-ea96d334a3f7
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=7885811828844822058
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
i.gif
e.serverbid.com/udb/9969/sync/ Frame 83E6
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=Yjrf.noNB57K5wdhKQJBxAAA%261115
0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=Yjrf.noNB57K5wdhKQJBxAAA%261115
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Server
134.209.129.254 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
content-length
0

Redirect headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=Yjrf.noNB57K5wdhKQJBxAAA%261115
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
282
Expires
Wed, 23 Mar 2022 08:53:18 GMT
pixel
ap.lijit.com/ Frame 83E6 		0
277 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D24%26userId%3D%24UID
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Wed, 23 Mar 2022 08:53:18 GMT
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
usa
sync.go.sonobi.com/ Frame 83E6 		0
474 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/usa?https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=38&userId=
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
i.gif
e.serverbid.com/udb/9969/sync/ Frame 83E6
Redirect Chain
  • https://pixel.advertising.com/ups/56621/occ
  • https://ups.analytics.yahoo.com/ups/56621/occ?apid=UPad9279c9-aa86-11ec-a09e-020390defe0c
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPad9279c9-aa86-11ec-a09e-020390defe0c
0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPad9279c9-aa86-11ec-a09e-020390defe0c
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Server
134.209.129.254 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
content-length
0

Redirect headers

location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPad9279c9-aa86-11ec-a09e-020390defe0c
date
Wed, 23 Mar 2022 08:53:18 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
us.gif
sync.go.sonobi.com/ Frame 83E6
Redirect Chain
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D
  • https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3
49 B
513 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3
cache-control
no-cache
content-length
0
56939
i6.liadm.com/s/ Frame 83E6
Redirect Chain
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D
  • https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3
  • https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3&_li_chk=true&previous_uuid=3f2dd594b1c2437ba3daa184b381630a
  • https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3
43 B
419 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Server
2600:1f18:444a:4602:f850:4eec:7dd:fbc1 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:18 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3
Date
Wed, 23 Mar 2022 08:53:18 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
usync.js
eus.rubiconproject.com/ Frame F224 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
6046941efa0656622a5f07faee34cc197eafa53b446e6114bdc7b3e9a1af7023

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:18 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=49489
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9539
Expires
Wed, 23 Mar 2022 22:38:07 GMT
13926
g2.gumgum.com/usync/ Frame 8089 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b7912b3e6a6e50cd3a18d24e639fccd0a1d30042b2dd8466f046a21b0ecbcf51

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
content-type
text/html;charset=UTF-8
server
nginx
etag
W/"0d718c11b0d83fe2e87358f4866d610b6"
timing-allow-origin
*
content-encoding
gzip
ps
pixel.33across.com/ Frame DEF2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip22.67-202-105.static.steadfastdns.net
Software
33XP003 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

x-33x-status
2000208
server
33XP003
date
Wed, 23 Mar 2022 08:53:17 GMT
/
onetag-sys.com/usync/ Frame 08F2 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip252.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
sync
ssbsync.smartadserver.com/api/ Frame 5AA9 		619 B
869 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.104 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e14bf2515da158c68dc4dc46c6b4af1c73fe2e3ba8fba3524881880d0628a990

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

content-length
619
content-type
text/html
date
Wed, 23 Mar 2022 08:53:17 GMT
usermatch
ssum-sec.casalemedia.com/ Frame 00BB 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
09dee5f31c58ea276723d34e9bb7556170b5dd1e8098f727900e6b79db0a9763

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
241|39|230|73|51|156|17|221
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Expires
Wed, 23 Mar 2022 08:53:18 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
Content-Length
1554
Connection
keep-alive
sync
ads.servenobid.com/ Frame 23C2
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=312&uid=7885811828844822058
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=312&uid=7885811828844822058
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
63.32.154.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-154-251.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
35934ba5-4398-4d53-ba97-f39dd984360f
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ads.servenobid.com/sync?pid=312&uid=7885811828844822058
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
ads.servenobid.com/ Frame 23C2
Redirect Chain
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1
  • https://ads.servenobid.com/sync?pid=310&uid=be4b9180a229236247304b8a
0
347 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=310&uid=be4b9180a229236247304b8a
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
63.32.154.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-154-251.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ads.servenobid.com/sync?pid=310&uid=be4b9180a229236247304b8a
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
pixel
ap.lijit.com/ Frame 23C2 		0
277 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Wed, 23 Mar 2022 08:53:18 GMT
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
rmpssp
sync.1rx.io/usersync2/ Frame 23C2 		0
0
sync
ads.servenobid.com/ Frame 23C2
Redirect Chain
  • https://p.rfihub.com/cm?pub=44007&in=1
  • https://ads.servenobid.com/sync?pid=324&uid=5109685622694528826
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=324&uid=5109685622694528826
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
63.32.154.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-154-251.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=324&uid=5109685622694528826
Date
Wed, 23 Mar 2022 08:53:18 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usa
sync.go.sonobi.com/ Frame 23C2 		0
474 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
sync
ads.servenobid.com/ Frame 23C2
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
  • https://ads.servenobid.com/sync?pid=327&uid=0e4a0f67-a119-49bc-85ea-f922d2c0c9f3&gdpr=0&gdpr_consent=&us_privacy=1YN-
0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=327&uid=0e4a0f67-a119-49bc-85ea-f922d2c0c9f3&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
63.32.154.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-154-251.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=327&uid=0e4a0f67-a119-49bc-85ea-f922d2c0c9f3&gdpr=0&gdpr_consent=&us_privacy=1YN-
date
Wed, 23 Mar 2022 08:53:17 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
server
envoy
content-length
0
sync
ads.servenobid.com/ Frame 23C2
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58559/occ
  • https://ads.servenobid.com/sync?pid=337&uid=y-6sqdysVE2uExSzNHj79I43DBjRfHEZ2dn5QyrG4-~A
0
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=337&uid=y-6sqdysVE2uExSzNHj79I43DBjRfHEZ2dn5QyrG4-~A
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
63.32.154.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-154-251.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=337&uid=y-6sqdysVE2uExSzNHj79I43DBjRfHEZ2dn5QyrG4-~A
date
Wed, 23 Mar 2022 08:53:18 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
dcm
s.amazon-adsystem.com/ Frame 00BB
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yjrf-noNB57K5wdhKQJBxAAABFsAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yjrf-noNB57K5wdhKQJBxAAABFsAAAAB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yjrf-noNB57K5wdhKQJBxAAABFsAAAAB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
4WGKHYEX6K5N2W9XVMWV
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
TS4J2XWZY7SX8P2J90EV
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yjrf-noNB57K5wdhKQJBxAAABFsAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 00BB 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 00BB 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yjrf-noNB57K5wdhKQJBxAAABFsAAAAB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Yjrf-noNB57K5wdhKQJBxAAABFsAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 00BB 		43 B
991 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/Yjrf-noNB57K5wdhKQJBxAAABFsAAAAB?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3601:4405:fc16:ad1d:f00e Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
sync
x.bidswitch.net/ Frame 00BB 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=index&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.185.196.75 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-185-196-75.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:18 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
cookiesync
bttrack.com/pixel/ Frame 00BB 		35 B
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS
46.bidtellect.com
Software
Microsoft-IIS/8.5 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

X-ServerName
Track001-iad
Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:16 GMT
X-AspNetMvc-Version
5.2
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control
private,no-cache
Content-Type
image/gif
Content-Length
35
Expires
-1
crum
dsum-sec.casalemedia.com/ Frame 00BB
Redirect Chain
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Wed, 23 Mar 2022 08:53:18 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
106
Content-Type
text/html; charset=utf-8
qmap
sync.crwdcntrl.net/ Frame 00BB
Redirect Chain
  • https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=Yjrf.noNB57K5wdhKQJBxAAA%261115&gdpr=1&gdpr_consent=&us_privacy=
  • https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=Yjrf.noNB57K5wdhKQJBxAAA%261115&gdpr=1&gdpr_consent=&us_privacy=&ct=y
49 B
543 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=Yjrf.noNB57K5wdhKQJBxAAA%261115&gdpr=1&gdpr_consent=&us_privacy=&ct=y
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Server
52.30.140.199 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-140-199.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.13.85
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=Yjrf.noNB57K5wdhKQJBxAAA%261115&gdpr=1&gdpr_consent=&us_privacy=&ct=y
cache-control
no-cache
x-server
10.45.2.51
content-length
0
expires
0
sync
ads.servenobid.com/ Frame 00BB 		0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=333&uid=Yjrf-noNB57K5wdhKQJBxAAABFsAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.154.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-154-251.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
usersync
rtb.gumgum.com/ Frame 8089
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=7885811828844822058
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=7885811828844822058
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
f2a34adf-3526-4be7-959f-12d8ac890381
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=7885811828844822058
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame 8089
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_1fdb47d0-ac42-4e51-8e45-825c44522803&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_1fdb47d0-ac42-4e51-8e45-825c44522803&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://bidswitch-eu.splicky.com/cm?bidswitch_ssp_id=gumgum2&bsw_custom_parameter=beebf8ce-b9c0-46a0-98dc-69f902b39712
  • https://x.bidswitch.net/sync?dsp_id=311&user_id=&user_group=2&ssp=gumgum2&expires=10&bsw_param=beebf8ce-b9c0-46a0-98dc-69f902b39712
  • https://rtb.gumgum.com/usersync?b=bsw&i=beebf8ce-b9c0-46a0-98dc-69f902b39712
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=bsw&i=beebf8ce-b9c0-46a0-98dc-69f902b39712
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
//rtb.gumgum.com/usersync?b=bsw&i=beebf8ce-b9c0-46a0-98dc-69f902b39712
Date
Wed, 23 Mar 2022 08:53:18 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
cookie-sync
sync.outbrain.com/ Frame 8089
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28HgFSHcn2nntWlDev6zEZ1rX7-GT29f2BfaxURfO8xZoaeoEF6EUvcmKYfC7q_FR5%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_1fdb47d0-ac42-4e51-8e45-825c44522803&obuid=ENC(HgFSHcn2nntWlDev6zEZ1rX7-GT29f2BfaxURfO8xZoaeoEF6EUvcmKYfC7q_FR5)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://b1sync.zemanta.com/usersync/outbrain/?puid=HgFSHcn2nntWlDev6zEZ1rX7-GT29f2BfaxURfO8xZoaeoEF6EUvcmKYfC7q_FR5
  • https://sync.outbrain.com/cookie-sync?p=zemanta&uid=GkqupoTjpjztjZryub99
0
292 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=zemanta&uid=GkqupoTjpjztjZryub99
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
64.202.112.255 Leesburg, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:19 GMT
Cache-Control
no-cache
X-TraceId
16c8b236f8b0113a3f067676e39a3699
Content-Length
0

Redirect headers

Location
https://sync.outbrain.com/cookie-sync?p=zemanta&uid=GkqupoTjpjztjZryub99
Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:19 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
99
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame 8089
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://rtb.gumgum.com/usersync?b=opx&i=2308e372-8a9b-4c76-a3a1-2eb51adfa73f
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=opx&i=2308e372-8a9b-4c76-a3a1-2eb51adfa73f
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Wed, 23 Mar 2022 08:53:18 GMT
content-encoding
gzip
server
OXGW/17.2.1
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://rtb.gumgum.com/usersync?b=opx&i=2308e372-8a9b-4c76-a3a1-2eb51adfa73f
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
usersync
rtb.gumgum.com/ Frame 8089
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-899f4cc0-e638-4df4-4f07-ce1eed124909$ip$217.64.151.30
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-899f4cc0-e638-4df4-4f07-ce1eed124909$ip$217.64.151.30
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-899f4cc0-e638-4df4-4f07-ce1eed124909$ip$217.64.151.30
Date
Wed, 23 Mar 2022 08:53:18 GMT
Connection
keep-alive
Content-Length
122
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame 8089
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=oth&i=y-ElhjQA1E2pc3IgtB8PWxvcNuQT_9849DpeE9~A
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=oth&i=y-ElhjQA1E2pc3IgtB8PWxvcNuQT_9849DpeE9~A
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Wed, 23 Mar 2022 08:53:18 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://rtb.gumgum.com/usersync?b=oth&i=y-ElhjQA1E2pc3IgtB8PWxvcNuQT_9849DpeE9~A
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
usersync
rtb.gumgum.com/ Frame 8089
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%...
  • https://rtb.gumgum.com/usersync?b=vnt&i=af527914-aa86-11ec-b3ae-b9599d422bef
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=af527914-aa86-11ec-b3ae-b9599d422bef
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=af527914-aa86-11ec-b3ae-b9599d422bef
Date
Wed, 23 Mar 2022 08:53:17 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
af527915-aa86-11ec-b3ae-b9599d422bef
services
sync.technoratimedia.com/ Frame 8089 		0
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
132.226.41.106 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
982888786
access-control-allow-origin
https://g2.gumgum.com/
access-control-allow-credentials
true
142
match.deepintent.com/usersync/ Frame 8089 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
content-length
0
server
b
usersync
rtb.gumgum.com/ Frame 8089
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_1fdb47d0-ac42-4e51-8e45-825c44522803&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://stags.bluekai.com/site/23178?id=GkqupoTjpjztjZryub99&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2R3LOF2XA32UNJYGU6TUNJNHE6LVMI4TSJTVONPXA...
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=GkqupoTjpjztjZryub99&us_privacy=1---
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=GkqupoTjpjztjZryub99&us_privacy=1---
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
P3p
CP="We do not support P3P header."
Location
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=GkqupoTjpjztjZryub99&us_privacy=1---
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
118
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame 8089
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://usersync.gumgum.com/usersync?b=idi&i=134d2cd4-3af3-4192-89a0-b8b7e9fdfa6f
35 B
296 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=idi&i=134d2cd4-3af3-4192-89a0-b8b7e9fdfa6f
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
3.248.94.125 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-94-125.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
envoy
content-type
image/gif
cache-control
private, no-store, must-revalidate, max-age=0
x-envoy-upstream-service-time
5
x-region
ireland
content-length
35
expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=idi&i=134d2cd4-3af3-4192-89a0-b8b7e9fdfa6f
date
Wed, 23 Mar 2022 08:53:18 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
floor6&gdpr=0&gdpr_consent=
sync.1rx.io/usersync2/ Frame 8089 		0
0
usersync
rtb.gumgum.com/ Frame 8089
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://rtb.gumgum.com/usersync?b=pln&i=WyXjWJMTPDD2&ev=1&pid=558355
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=pln&i=WyXjWJMTPDD2&ev=1&pid=558355
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-DE
location
https://rtb.gumgum.com/usersync?b=pln&i=WyXjWJMTPDD2&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-5799967b4-5jd56
expires
-1
sync
ssbsync.smartadserver.com/api/ Frame 8089 		0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.104 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:17 GMT
content-length
0
sync
ads.servenobid.com/ Frame 8089 		0
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=309&uid=e_1fdb47d0-ac42-4e51-8e45-825c44522803
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.154.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-154-251.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
usersync
rtb.gumgum.com/ Frame 718D
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=ed87623a-dffb-4100-90e0-bb28ed7073f6&gdpr=0&gdpr_consent=
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=ed87623a-dffb-4100-90e0-bb28ed7073f6&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Wed, 23 Mar 2022 08:53:18 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Access-Control-Allow-Origin
*
Server
MT3 4281 354de82 master zrh-pixel-x4 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://rtb.gumgum.com/usersync?b=mmh&i=ed87623a-dffb-4100-90e0-bb28ed7073f6&gdpr=0&gdpr_consent=
Expires
Wed, 23 Mar 2022 08:53:17 GMT
usersync
usersync.gumgum.com/ Frame 17B0
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=atm&i=Yjrf9wAAAGHUlwP7&gdpr=0&gdpr_consent=
35 B
296 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=atm&i=Yjrf9wAAAGHUlwP7&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.248.94.125 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-94-125.eu-west-1.compute.amazonaws.com
Software
envoy /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
content-type
image/gif
content-length
35
date
Wed, 23 Mar 2022 08:53:18 GMT
x-envoy-upstream-service-time
5
x-region
ireland
server
envoy

Redirect headers

server
Varnish
retry-after
0
location
https://usersync.gumgum.com/usersync?b=atm&i=Yjrf9wAAAGHUlwP7&gdpr=0&gdpr_consent=
accept-ranges
bytes
date
Wed, 23 Mar 2022 08:53:18 GMT
via
1.1 varnish
x-served-by
cache-hhn4051-HHN
x-cache
HIT
x-cache-hits
0
x-timer
S1648025598.202410,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
pixel
cm.g.doubleclick.net/ Frame 1A98 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8xZmRiNDdkMC1hYzQyLTRlNTEtOGU0NS04MjVjNDQ1MjI4MDM=&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

content-type
image/png
date
Wed, 23 Mar 2022 08:53:18 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
server
HTTP server (unknown)
content-length
170
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame AE36 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-208-200.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=106246
expires
Thu, 24 Mar 2022 14:24:04 GMT
date
Wed, 23 Mar 2022 08:53:18 GMT
vary
Accept-Encoding
/
ssc-cms.33across.com/ps/ Frame 9B6A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip22.67-202-105.static.steadfastdns.net
Software
33XP001 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

x-33x-status
2000208
server
33XP001
date
Wed, 23 Mar 2022 08:53:17 GMT
usersync
rtb.gumgum.com/ Frame 8C25
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=ttd&i=962dd896-ae01-413a-80d7-db66f5020af3&t=1650617598
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=ttd&i=962dd896-ae01-413a-80d7-db66f5020af3&t=1650617598
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Wed, 23 Mar 2022 08:53:18 GMT
content-type
text/html
content-length
209
location
https://rtb.gumgum.com/usersync?b=ttd&i=962dd896-ae01-413a-80d7-db66f5020af3&t=1650617598
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usync.html
eus.rubiconproject.com/ Frame B5F6
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"40014-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 23 Mar 2022 08:53:18 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

server
AkamaiGHost
content-length
0
location
https://eus.rubiconproject.com/usync.html?p=gumgum
date
Wed, 23 Mar 2022 08:53:18 GMT
access-control-allow-credentials
true
access-control-allow-origin
*
um
cs.emxdgt.com/ Frame A30A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

content-type
text/html
date
Wed, 23 Mar 2022 08:53:17 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame 63AF
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=Yjrf-sCo8XYAAFCE0IEAAAAA
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=Yjrf-sCo8XYAAFCE0IEAAAAA
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 23 Mar 2022 08:53:19 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Server
nginx
Date
Wed, 23 Mar 2022 08:53:18 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
private
Location
https://rtb.gumgum.com/usersync?b=sus&i=Yjrf-sCo8XYAAFCE0IEAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time
2
X-SO-HostName
m-ad287.dc4p.scaleout.jp
X-SO-LB-Hostname
m-tgng18.dc4p.scaleout.jp
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":31,"gdpr":true,"ipv4":"0.0.0.0","key":"Yjrf-sCo8XYAAFCE0IEAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad287"}
X-SO-Key
Yjrf-sCo8XYAAFCE0IEAAAAA
X-SO-IP
217.64.151.30
X-SO-Cluster-ID
31
X-SO-Upstream-ID
m-ad287
usersync
rtb.gumgum.com/ Frame 81D7
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1
  • https://rtb.gumgum.com/usersync?b=rth&i=BVHCmpEv01LIZbWN00PA&pi=gumgum&tc=1
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=BVHCmpEv01LIZbWN00PA&pi=gumgum&tc=1
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.49.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-49-117.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Wed, 23 Mar 2022 08:53:18 GMT Wed, 23 Mar 2022 08:53:18 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=BVHCmpEv01LIZbWN00PA&pi=gumgum&tc=1
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
0
sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame F224 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=17632&khaos=L13BVWZ9-1T-7EZD
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
af308bb17a856a105b8c87aaae7d7f8c
Content-Type
image/gif
usync.js
eus.rubiconproject.com/ Frame B5F6 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
6046941efa0656622a5f07faee34cc197eafa53b446e6114bdc7b3e9a1af7023

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:18 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=49489
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9539
Expires
Wed, 23 Mar 2022 22:38:07 GMT
sync
ads.servenobid.com/ Frame 5AA9 		0
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=317&uid=6877251438818989466&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.154.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-154-251.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
smartadserver
cs.admanmedia.com/sync/ Frame 5AA9 		0
225 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cs.admanmedia.com/sync/smartadserver?us_privacy=&coppa=&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.214.206.142 , United Kingdom, ASN46636 (NATCOWEB, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 23 Mar 2022 08:53:18 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
Server
nginx
Connection
keep-alive
X-Frame-Options
DENY
Content-Type
text/plain
/
rtb-csync.smartadserver.com/redir/ Frame 5AA9
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=1869514360088373970&gdpr=0&gdpr_consent=
43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=1869514360088373970&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.137.132 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:17 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
server
nginx
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=1869514360088373970&gdpr=0&gdpr_consent=
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
/
rtb-csync.smartadserver.com/redir/ Frame 5AA9
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=5&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7078216046387067029&gdpr=0&gdpr_consent=
43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7078216046387067029&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.137.132 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:17 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Location
https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7078216046387067029&gdpr=0&gdpr_consent=
Date
Wed, 23 Mar 2022 08:53:18 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
/
rtb-csync.smartadserver.com/redir/ Frame 5AA9
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=6nmzPLgt5mXxfbhtv3-tOOkp5mTxKLU76Hq-4mja
43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=6nmzPLgt5mXxfbhtv3-tOOkp5mTxKLU76Hq-4mja
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.137.132 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 23 Mar 2022 08:53:17 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 23 Mar 2022 08:53:18 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=6nmzPLgt5mXxfbhtv3-tOOkp5mTxKLU76Hq-4mja
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
st
capi-tier-1-us-east-2.connatix.com/tr/ Frame 897B 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/st?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.60.0 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-60-0.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Wed, 23 Mar 2022 08:53:17 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
sync.php
pixel.rubiconproject.com/exchange/ Frame B5F6 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L13BVWZ9-1T-7EZD
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Content-Type
image/gif
async_usersync
ib.adnxs.com/ Frame AB8B 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Mar 2022 08:53:18 GMT
X-Proxy-Origin
217.64.151.30; 217.64.151.30; 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
dadbe103-33a3-4cd1-8f03-93f88d041d5b
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sync.1rx.io
URL
https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
Domain
sync.1rx.io
URL
https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=

Verdicts & Comments Add Verdict or Comment

416 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 function| structuredClone object| oncontextlost object| oncontextrestored object| gform string| gAMP_urlhost string| gAMP_urlpath string| gAMP_urlquery string| gAMP_contentid string| gAMP_category string| gAMP_contenttags number| kPrebidTimeout number| kRefreshPollTime number| gRefreshCount number| gOXRefreshCount boolean| gRefreshDebug boolean| gPrebidDebug boolean| gTrackVisibility boolean| gLazyLoad boolean| gTrackPageVisibility number| k30SecondRefreshInterval number| k60SecondRefreshInterval number| k90SecondRefreshInterval number| k120SecondRefreshInterval number| k180SecondRefreshInterval number| k999SecondRefreshInterval number| kDoNotRefresh number| kDefaultRefreshInterval object| gSChainNodes undefined| gGDPR_forceLocale boolean| gGDPR_silentNoConsent boolean| gGDPR_forceNoConsent object| gGDPR_NonTCFVendors string| gGDPR_publisherCountryCode string| gGDPR_logoURL string| gGDPR_privacyPolicyURL string| kAmazonPublisherID object| ad728x90ATF object| ad300x250ATF object| ad300x250ATF2 object| ad728x90ATFTAB object| ad728x90STICKY object| ad300x250ATFTAB object| ad300x250ATF2TAB object| ad320x50ATF object| ad300x250ATFM object| ad300x250ATF2M object| ad2x2skin object| adGoogleAdXInterstitial number| gBrowserWidth object| desktopAdUnits object| tabletAdUnits object| mobileAdUnits object| gAllSlotData number| gAllSlotCount function| _0x2484c2 object| gRefreshSlots object| gRefreshIDs object| gRefreshTimes object| gRefreshIntervals object| gThisRefreshIDs object| gThisRefreshSlots boolean| gInitialLoad object| gIntersectionObserver object| gPBJSTimeoutTimer object| gAmazonSlots object| gAmazonBids boolean| gAmazonBidsBack boolean| gPrebidBidsBack object| googletag object| pbjs function| _0x47b6 boolean| gHasGDPRCMP object| gGDPRTCData function| amp_getBidsForAllChannels function| amp_dumpBids function| amp_dumpWins function| amp_dumpTable function| amp_getBestBids function| sendAdserverRequest function| _0x4815 function| checkIfAllBidsBack function| amazonBidsBack function| pbjsBidsBack function| bidsTimeout function| scheduleConsentUpdates function| sendBidRequests function| doSendBidRequests function| amp_refreshAllSlots function| amp_refreshSlots function| refreshAdSlots function| attachCloseBoxSVG function| configureAdSlot function| getCookie object| apstag function| cnx function| $ function| jQuery object| gdprDynamicStrings object| gdprStrings object| kss object| sNew object| s0 object| dataLayer boolean| jQueryMigrateHelperHasSentDowngrade object| cnx_usr_storage object| Lzag6q2 function| Lzag6q3 object| xop object| ggeac object| google_js_reporting_queue boolean| apstagLOADED function| __uspapi function| __uspOpenUI object| google_tag_manager function| postscribe object| google_tag_manager_external function| pbjsChunk object| _pbjsGlobals object| ADAGIO string| nobidVersion object| nobid object| FontAwesomeConfig object| ___FONT_AWESOME___ function| __tcfapi object| __cmpAPI object| __GVL object| __cmpTCModel function| __cmpOpenUI object| MZ1D6o2 function| MZ1D6o3 function| xblocker boolean| creativeVendorLibraryLoaded object| google_tag_data string| GoogleAnalyticsObject function| ga object| _qevents function| twq object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| kasperskyDynamicaReCaptchaData object| jQuery1124007435576714710068 object| kaspersky object| prmOm object| omPlatformsSettings function| trackKLReferrer function| trackTrialSubmit function| trackFraud function| getFilename function| trackFile function| trackTrial function| trackTrialKMS function| trackPU function| trackPU2 function| trackDoc function| trackBeta function| trackDBUpdate function| trackDRFile function| trackLink function| trackCountrySelector function| trackLRC function| trackIPP function| trackPage function| trackLRCFallback function| trackMaxymiser function| trackAuditories function| trackCroSegment function| trackCta function| trackDownload function| trackEvent function| trackExit function| trackForm function| trackGoToPayment function| trackChangePaymentMethod function| trackLena function| trackMarketLincGroup function| trackMarketLincVisitor function| trackPageView function| trackPageViewOnLoad function| trackPartnerLocatorSearchEvent function| trackProductView function| trackRegistration function| trackSaleButton function| trackSignin function| trackSignIn function| trackUpsellPage function| omSetContext function| omSetOmnitureParameters function| omChooseCookieDomain function| omGetAbsoluteUrl function| omGetBusinessType function| omGetGoogleAnalyticsClientId function| omGetHostName function| omGetOrigin function| omGetPageNameFromPath function| omGetQueryParam function| omReadCookie function| omRemoveAllUrlParameters function| omRemoveAllUrlParametersForDownloads function| omRemoveUrlParameter function| omRemoveCookie function| omSafeParseJson function| omSetCookie function| omSetInp function| removeHashFromString function| omPushEventToDataLayer function| omCreateEventParamsObj function| omPushTrackingObjectToDataLayer function| omPrepareProductsString function| omHandleClick function| omHandleMessage function| e object| sng object| s object| visitorConfigObj function| AppMeasurement function| s_gi function| s_pgicq object| adobe function| Visitor object| s_c_il number| s_c_in object| _uxa number| s_objectID number| s_giq object| player_instance_024c02e14acb44b2857048b2ee4126a2 object| cnxEnfStorage function| cnxsetTimeout function| cnxsetInterval object| cnxPlugins object| x0G6GL function| x0G6GC function| xblacklist object| runtime object| regeneratorRuntime function| setImmediate function| clearImmediate object| wp function| sprintf function| vsprintf undefined| google_measure_js_timing object| google_reactive_ads_global_state object| gform_i18n object| gf_global object| gf_legacy_multi object| gf_legacy function| announceAJAXValidationErrors function| gformBindFormatPricingFields function| Currency function| gformCleanNumber function| gformGetDecimalSeparator function| gformIsNumber function| gformIsNumeric function| gformDeleteUploadedFile object| _gformPriceFields undefined| _anyProductSelected function| gformIsHidden function| gformCalculateTotalPrice function| gformUpdateTotalFieldPrice function| gformGetShippingPrice function| gformGetFieldId function| gformCalculateProductPrice function| gformGetProductQuantity function| gformIsProductSelected function| gformGetBasePrice function| gformFormatMoney function| gformFormatPricingField function| gformToNumber function| gformGetPriceDifference function| gformGetOptionLabel function| gformGetProductIds function| gformGetPrice function| gformRoundPrice function| gformRegisterPriceField function| gformInitPriceFields function| gformShowPasswordStrength function| gformPasswordStrength function| gformToggleShowPassword function| gformToggleCheckboxes function| gformToggleRadioOther function| gformAddListItem function| gformDeleteListItem function| gformAdjustClasses function| gformAdjustRowAttributes function| gformToggleIcons function| gformAddRepeaterItem function| gformDeleteRepeaterItem function| gformResetRepeaterAttributes function| gformToggleRepeaterButtons function| gformMatchCard function| gformFindCardType function| gformToggleCreditCard function| gformInitChosenFields function| gformInitCurrencyFormatFields function| GFMergeTag function| GFCalc undefined| __gf_keyup_timeout function| gformFormatNumber function| getMatchGroups function| gf_get_field_number_format function| gformValidateFileSize function| gformInitSpinner function| gformAddSpinner function| gformReInitTinymceInstance function| gf_raw_input_change function| gf_get_input_id_by_html_id function| gf_get_form_id_by_html_id function| gf_get_ids_by_html_id function| gf_input_change function| gformExtractFieldId function| gformExtractInputIndex function| rgars function| rgar function| HandleUnsavedChanges function| renderRecaptcha function| gformIsRecaptchaPending object| gfMultiFileUploader undefined| __gf_timeout_handle function| gf_apply_rules function| gf_check_field_rule function| gf_get_field_logic function| gf_apply_field_rule function| gf_get_field_action function| gf_is_match function| gf_is_match_checkable function| gf_is_checkable_empty function| gf_is_match_default function| gf_format_number function| gf_try_convert_float function| gf_matches_operation function| gf_get_value function| gf_do_field_action function| gf_do_next_button_action function| gf_do_action function| gf_reset_to_default function| gf_is_hidden_pricing_input object| Placeholders object| gf_form_conditional_logic string| gf_number_format function| do_callback object| PublisherCommonId function| gtag object| ID5 function| quantserve function| __qc object| ezt object| _qoptions function| qtrack object| twttr object| gaplugins object| gaGlobal object| gaData object| recaptcha number| google_global_correlator function| onYouTubeIframeAPIReady function| cnxProxyTask object| closure_lm_146429 object| sas object| apntag object| _ADAGIO string| main_loc object| in_domain object| locale_out undefined| url_path_start_latam undefined| locale_out_latam string| firstPart undefined| locale object| url_path_start undefined| domain_loc function| SetCookie string| newCookieValue string| _linkedin_data_partner_id object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| GoogleGcLKhOms function| lintrk boolean| _already_called_lintrk object| s_i_kaspersky-single-suite object| ONFOCUS boolean| DFPSFMessageEnabled object| ampInaboxIframes object| ampInaboxPendingMessages object| google_image_requests object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager function| cnxAddEventListener

100 Cookies

Domain/Path Name / Value
.3lift.com/sync Name: sync
Value: CgoIoQEQ7e3rr_svCgoIgQIQ7e3rr_svCgoI4gEQ7e3rr_svCgoI5gEQ7e3rr_svCgoIhwIQ7e3rr_svCgkICRDt7euv-y8KCQg6EO3t66_7LwoJCAsQ7e3rr_svCgoIjAIQ7e3rr_svCgkIXxDt7euv-y8=
i.liadm.com/s Name: _li_ss
Value: MgkI_____wcQ8BE
.threatpost.com/ Name: _cs_mk
Value: 0.6511754912105747_1648025591705
.demdex.net/ Name: demdex
Value: 36674683789198166813550287922905169188
.threatpost.com/ Name: AMCVS_983502BE532960BE0A490D4C%40AdobeOrg
Value: 1
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Yjrf9wAAAGHUlwP7
.dpm.demdex.net/ Name: dpm
Value: 36674683789198166813550287922905169188
.threatpost.com/ Name: _gid
Value: GA1.2.1581084601.1648025592
.threatpost.com/ Name: _gat_UA-35676203-21
Value: 1
.rubiconproject.com/ Name: khaos
Value: L13BVWZ9-1T-7EZD
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB1cpNLnm6OcGCAkF7RiBdb4AgvEG2sPPZq/zJBpTbUTS0sKysMnMzLub05ecXDiI+jhlI2uKWkDtsxuhZpbWKLtINWY3Pa16NE=
.adnxs.com/ Name: icu
Value: ChgIzLJhEAoYASABKAEw97_rkQY4AUABSAEQ97_rkQYYAA..
.adnxs.com/ Name: uuid2
Value: 7885811828844822058
e.serverbid.com/ Name: azk
Value: ue1-sb1-36e87130-fe31-414b-a1bc-a58b28b6edb3
.t.co/ Name: muc_ads
Value: e976a3b9-5697-4d7d-a1e1-f83317fec4b0
.threatpost.com/ Name: AMCV_983502BE532960BE0A490D4C%40AdobeOrg
Value: 1585540135%7CMCIDTS%7C19075%7CMCMID%7C43773785847027393794548580237456872318%7CMCAAMLH-1648630391%7C6%7CMCAAMB-1648630391%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1648032792s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19082%7CvVersion%7C4.4.0
threatpost.com/ Name: usprivacy
Value: 1---
.quantserve.com/ Name: mc
Value: 623adff8-680c4-e5bf9-c5f41
threatpost.com/ Name: _pbjs_userid_consent_data
Value: 6683316680106290
.threatpost.com/ Name: _pubcid
Value: 0799785b-0b09-4bd7-9e0c-f6b0b6a89584
.threatpost.com/ Name: __qca
Value: P0-686673234-1648025592820
.threatpost.com/ Name: _gat_UA-63997723-2
Value: 1
threatpost.com/ Name: CookieConsent
Value: {stamp:1349786355=='|Cnecessary:true|Cpreferences:true|Cstatistics:true|Cmarketing:true|Cver:1|Cutc:1030020886|Cregion:'not_gdpr'}
.openx.net/ Name: i
Value: 0799785b-0b09-4bd7-9e0c-f6b0b6a89584|1648025592
prebid.a-mo.net/ Name: __amc
Value: 2_1648025591_1648025592
.threatpost.com/ Name: _gcl_au
Value: 1.1.1351215056.1648025593
.linkedin.com/ Name: UserMatchHistory
Value: AQICjrJqeq8L0wAAAX-1-uQS9g0WoXsh9YCnqVwavOMuMioIgxFz2RkNFLs30KlLEezDWBT6HOwMgg
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJN5JPx31qlYgAAAX-1-uQSjHV2mqVj9_gCDzJZ78S88MplgNyjnU7ztwnPKl45YhMdPVYj6oqx6SmpYiDsJQ
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&a1b6c629-6870-4a06-8bde-45c56e3d7ba0"
.linkedin.com/ Name: lidc
Value: "b=VGST08:s=V:r=V:a=V:p=V:g=2259:u=1:x=1:i=1648025592:t=1648111992:v=2:sig=AQH-v6HRBptcn4NWVWzWruk55oa2mHNa"
.threatpost.com/ Name: _ga_YP1JLG57CH
Value: GS1.1.1648025593.1.0.1648025593.0
.threatpost.com/ Name: _ga
Value: GA1.1.1699936158.1648025592
.threatpost.com/ Name: s_cc
Value: true
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&202203230853131213fc05-0ef3-419a-8af4-875d84089bd3AQHEdW_TddXAtfJk0gCpRcFTKhNp6NJn"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NDgwMjU1OTM7MjswMjFoGDuaeslTyMfH5Hg5vxrnbqJQ0KWzfCzu1pTblfclfA==
.threatpost.com/ Name: __gads
Value: ID=799230666d67c145-2225549d63cd00dd:T=1648025592:S=ALNI_MbelwnRgZWU3dA6Rq0siUc9IO7aTg
.doubleclick.net/ Name: IDE
Value: AHWqTUnKxC-cqhc0h8P_f1nTSHe0Rs6OKjSBbUwCBVw96HtZ71eQ7drGP0kpg9xqlIM
.mmtro.com/ Name: RUID
Value: 567cad27-a819-432a-be49-211d86cea8fb
.casalemedia.com/ Name: CMID
Value: Yjrf.noNB57K5wdhKQJBxAAA
.casalemedia.com/ Name: CMPS
Value: 5201
.casalemedia.com/ Name: CMPRO
Value: 1115
.doubleclick.net/ Name: DSID
Value: NO_DATA
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2In?x3bl1!]tbPl1M>e)ZlrFUfJ+tGXxp2`t)FETAc7uU^[>YHs=^4@//UX_KBw0^>%ZM3If)y3KL9D3I?+vR$/m%
.openx.net/ Name: pd
Value: v2|1648025595|gekin0vNiygu
.advertising.com/ Name: APID
Value: UPad9279c9-aa86-11ec-a09e-020390defe0c
.adsrvr.org/ Name: TDID
Value: 962dd896-ae01-413a-80d7-db66f5020af3
.yahoo.com/ Name: A3
Value: d=AQABBPvfOmICEAg7QRVPJADoDinzAn3W9xQFEgEBAQExPGJEYgAAAAAA_eMAAA&S=AQAAAoEewouICNeTLDqpmiuFq-c
.mathtag.com/ Name: uuid
Value: ed87623a-dffb-4100-90e0-bb28ed7073f6
.adform.net/ Name: C
Value: 1
.adform.net/ Name: uid
Value: 1869514360088373970
.threatpost.com/ Name: cto_bundle
Value: rmL6kV9SYU5WVmJUZDU2ODVhTXNvWlMzTHdITVJJd2JrcDhGV2NQSGhVUjIxVU00bGRpJTJCM2pVOGpuZ29LRTNPbjJESTlrWU5rdklJMnpQT1BiVWpCRTNkVEh4eHVMZVZjMiUyQnc0RjBocHVPVlZvU1Via0pvN0tWTkR1M1BucCUyRjFCJTJGeHh0
.threatpost.com/ Name: cto_bidid
Value: yA3Ao19pNCUyQjFrNE9MVDhKZ3pwaDZFRWFLY0psWktyQ1VDaTllZzhVMWdacmdTQ3pkNlZ1Y2UlMkZpWjJHamJzM2RCQTZwcW1UTWpXY1RCUzlReFVQRjZvM1RzTUElM0QlM0Q
.3lift.com/ Name: tluid
Value: 4620684804457441030717
.bing.com/ Name: MUID
Value: 1E76227C69A56DE007E0330C68776C71
.go.sonobi.com/ Name: HAPLB5G
Value: s578|YjrgA
.analytics.yahoo.com/ Name: IDSYNC
Value: "187s~23ww:17ot~23ww:196n~23ww"
.casalemedia.com/ Name: CMST
Value: Yjrf+2I63-4A
.lijit.com/ Name: ljt_reader
Value: be4b9180a229236247304b8a
.servenobid.com/ Name: pid_337
Value: y-6sqdysVE2uExSzNHj79I43DBjRfHEZ2dn5QyrG4-~A
.servenobid.com/ Name: pid_312
Value: 7885811828844822058
.casalemedia.com/ Name: CMRUM3
Value: 49623adffe05a0&27623adffe0b40&33623adffe05a0&2d623adffb05a0CAESECfj2luyT3_BkfgwCS2JUpA&11623adffe05a0&e6623adffe2760&dd623adffe2760&f1623adffe05a0&9c623adffe05a00
.lijit.com/ Name: _ljtrtb_273657
Value: 273657
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAADslzmtoZmJhYGRqamlhaGoJAPwQeMYQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0sDSzMDUzMjKzNDE1srAwMhPiM9T1LE_LcNM1082MynMFACt5pBclAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0sDSzMDUzMjKzNDE1srAwMhPiM9T1LE_LcNM1082MynOV4jU0M7EwMDI1tbQwNLUEAAJfCz40AAAA
.gumgum.com/ Name: vst
Value: e_1fdb47d0-ac42-4e51-8e45-825c44522803
.a-mo.net/ Name: amuid2
Value: 0e4a0f67-a119-49bc-85ea-f922d2c0c9f3
.servenobid.com/ Name: pid_310
Value: be4b9180a229236247304b8a
.servenobid.com/ Name: pid_333
Value: Yjrf-noNB57K5wdhKQJBxAAABFsAAAAB
.bidswitch.net/ Name: tuuid
Value: beebf8ce-b9c0-46a0-98dc-69f902b39712
.bidswitch.net/ Name: c
Value: 1648025598
.bidswitch.net/ Name: tuuid_lu
Value: 1648025598
.servenobid.com/ Name: pid_324
Value: 5109685622694528826
.servenobid.com/ Name: pid_327
Value: 0e4a0f67-a119-49bc-85ea-f922d2c0c9f3
.servenobid.com/ Name: pid_309
Value: e_1fdb47d0-ac42-4e51-8e45-825c44522803
.smartadserver.com/ Name: pid
Value: 6877251438818989466
.adsrvr.org/ Name: TDCPM
Value: CAEYASABKAIyCwiirPDnqa3GOhAFOAFaBmd1bWd1bWAC
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.amazon-adsystem.com/ Name: ad-id
Value: A25XVU001UHovwttFdACh2E
.creativecdn.com/ Name: u
Value: BVHCmpEv01LIZbWN00PA
.creativecdn.com/ Name: ts
Value: 1648025598
.quantserve.com/ Name: d
Value: EH8BEwHdJYqsMP3-kQA
.crwdcntrl.net/ Name: _cc_dc
Value: 1
.crwdcntrl.net/ Name: _cc_id
Value: 4db7c59971ebfac5b1d5750ffa66e32c
.servenobid.com/ Name: pid_317
Value: 6877251438818989466
.adfarm1.adition.com/ Name: UserID1
Value: 7078216046387067029
.360yield.com/ Name: tuuid
Value: 134d2cd4-3af3-4192-89a0-b8b7e9fdfa6f
.360yield.com/ Name: tuuid_lu
Value: 1648025598
.zemanta.com/ Name: zuid
Value: GkqupoTjpjztjZryub99
.smartadserver.com/ Name: csync
Value: 49:7078216046387067029
.technoratimedia.com/ Name: tads_uid
Value: GDPR
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 395d390a893bbbd3
.liadm.com/ Name: lidid
Value: 3f2dd594-b1c2-437b-a3da-a184b381630a
.outbrain.com/ Name: obuid
Value: 87da48f0-7f4e-4478-a687-e059a0a6840c
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-899f4cc0-e638-4df4-4f07-ce1eed124909.b4abNQnEfBdzbfD7edYJG6MdWm2hUSmq1zd7%2Bae4M9Y
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AiZ9MwOY4TfRPB84e7RJJCdlAlx4.dli89SGnFq2hLn2aQkbWKpKSJJ4L3JyQP8i%2FJOLTZU8
.ipredictive.com/ Name: cu
Value: af527914-aa86-11ec-b3ae-b9599d422bef|1648025598540
.outbrain.com/ Name: zmnta
Value: GkqupoTjpjztjZryub99

26 Console Messages

Source Level URL
Text
network error URL: https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.10&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=ae05c718-9ea8-4072-af9d-e21c127fbad0&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fmalware-hunter-crawls-internet-looking-for-rat-c2s%2F125360%2F&tpx_cb=twttr.conversion.loadPixels
Message:
Failed to load resource: the server responded with a status of 403 ()
other warning URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686(Line 40)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs(Line 1)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs(Line 1)
Message:
Unrecognized feature: 'attribution-reporting'.
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
javascript warning URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malware-hunter-crawls-internet-looking-for-rat-c2s/125360/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1105ae95aa1529a70b513af5de3aa4db.safeframe.googlesyndication.com
9582686.fls.doubleclick.net
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ads.adaptv.advertising.com
ads.pubmatic.com
ads.servenobid.com
ads.yahoo.com
adservice.google.com
adservice.google.de
analytics.twitter.com
ap.lijit.com
assets.threatpost.com
b1sync.zemanta.com
bh.contextweb.com
bidswitch-eu.splicky.com
btlr.sharethrough.com
bttrack.com
c.amazon-adsystem.com
c.bing.com
c1.adform.net
c2shb.ssp.yahoo.com
capi-tier-1-us-east-2.connatix.com
capi.connatix.com
cd.connatix.com
cdn.ampproject.org
cdn.id5-sync.com
cds.connatix.com
ce.lijit.com
cm.everesttech.net
cm.g.doubleclick.net
creativecdn.com
cs.admanmedia.com
cs.emxdgt.com
data00.adlooxtracking.com
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
e.serverbid.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
geo.ipify.org
gift-connect-d.openx.net
go.sonobi.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
imasdk.googleapis.com
img.connatix.com
j.adlooxtracking.com
js-sec.indexww.com
kaspersky.d3.sc.omtrdc.net
kaspersky.demdex.net
kasperskycontenthub.com
lit.connatix.com
match.adsrvr.org
match.deepintent.com
media.kaspersky.com
media.threatpost.com
mmtro.com
mp.4dex.io
mug.criteo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-us-east.rubiconproject.com
pixel.33across.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid.a-mo.net
public.servenobid.com
px.ads.linkedin.com
px4.ads.linkedin.com
qd.admetricspro.com
rtb-csync.smartadserver.com
rtb.gumgum.com
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
snap.licdn.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.ads-twitter.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.serverbid.com
sync.srv.stackadapt.com
sync.teads.tv
sync.technoratimedia.com
t.co
tag.1rx.io
tagan.adlightning.com
teachingaids-d.openx.net
tg.socdm.com
threatpost.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
vid.connatix.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
x.bidswitch.net
sync.1rx.io
104.111.215.191
104.111.242.245
104.244.42.195
104.244.42.69
104.89.20.125
104.89.31.187
124.146.215.46
13.107.42.14
13.248.245.213
132.226.41.106
134.209.129.254
142.250.185.194
142.250.185.198
142.250.186.34
145.40.89.200
15.236.176.210
151.101.12.157
151.101.130.137
151.101.130.49
151.101.2.137
151.101.66.137
165.227.252.242
169.197.150.7
178.162.133.148
178.162.133.149
178.250.2.146
18.156.195.47
18.185.196.75
18.193.246.175
18.194.97.167
18.195.155.181
18.196.121.26
18.223.60.0
185.184.8.65
185.29.132.241
185.33.220.145
185.33.221.52
185.64.189.112
185.85.15.23
185.86.137.132
185.86.139.104
188.34.190.35
192.132.33.46
193.0.160.128
195.66.82.41
198.148.27.139
2.20.85.164
205.185.216.42
213.19.147.42
216.58.201.66
23.218.208.187
23.218.208.200
23.37.38.181
23.37.42.132
2600:1f18:444a:4602:f850:4eec:7dd:fbc1
2600:9000:214f:9c00:0:5c46:4f40:93a1
2600:9000:2315:1200:2:9275:3d40:93a1
2600:9000:2315:c000:6:44e3:f8c0:93a1
2602:803:c004:200::140
2606:4700:20::ac43:4bf1
2606:4700:3030::ac43:cf70
2606:4700::6812:372
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2620:1ec:21::14
2620:1ec:22::14
2620:1ec:29::45
2620:1ec:c11::200
2a00:1288:80:807::1
2a00:1450:4001:801::2003
2a00:1450:4001:802::2001
2a00:1450:4001:802::2002
2a00:1450:4001:802::200a
2a00:1450:4001:803::200a
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:810::200e
2a00:1450:4001:813::2008
2a00:1450:4001:827::2004
2a00:1450:4001:828::2006
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2003
2a00:1450:400c:c03::9d
2a02:2638:1::13
2a02:26f0:6c00::210:ba08
2a05:d018:d29:3601:4405:fc16:ad1d:f00e
3.126.56.137
3.248.94.125
3.33.220.150
34.98.64.218
35.173.160.135
35.241.31.249
35.244.174.68
37.157.4.29
37.187.27.147
46.105.202.126
51.89.9.252
52.1.164.170
52.19.107.252
52.30.140.199
52.46.154.242
52.95.125.22
54.146.66.83
54.154.124.119
54.194.49.117
54.36.109.183
54.75.68.230
54.77.108.6
54.86.196.175
54.93.153.188
63.32.154.251
64.140.160.2
64.202.112.255
65.9.66.117
65.9.71.173
67.202.105.22
69.173.144.138
69.173.144.165
69.173.151.100
70.42.32.31
72.251.249.9
85.114.159.93
88.214.206.142
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77
04044475412dd2e4c5fc05ebc20fec41c2b49a9156f9852fb9c32a8313039625
04359b624601ed5a59756d9b88168fe743d7720a2d446b20e0168e126b2f6680
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
0671231fad499da37af091deceac9702ba44cca916f1627b542811ed43c497be
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06de0169b6efd73f4d3d807fbd3deadd9cd4ae75b8f8e83852d7b1b420c20eef
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
084885652dacd1b70a7979e7631caa6fe5985a5c1b872c28dd890d9ea39cec3d
0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de
08d1e9cd1cbc7d8d9af2d32a3fa74b62acb5b6dba1f3992f17393475dc986d52
095f52671e363414bb1d9038d5be6b484e53d5b7bc968d6d3a6d01d8d606b6ca
09dee5f31c58ea276723d34e9bb7556170b5dd1e8098f727900e6b79db0a9763
0aacd34f6a182c0b56a19a6aa9c1b751446377d88fc631ae282361fbd9da3814
0b2215661876465567473cdfc2ad534891b6ce782284c645b983a07986b75581
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
0b53158fac1f17ebd5a4939bd127529b81b44c261bbf65506b151ccae4071617
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1459a4c2d036e9bf1a897002f1e18a3b502c9661bacd06e616bd08d422058dd9
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2
1dfe85a37ae1c79d3e9c52ef1ab91df405010640520a5ee23947929a91345b55
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f3d8b57f69b73694c38ba6bbf8ddc46c8a5e52db401795fa8ab80643e14236d
2059117e54e3b32c07d7c90c99de9a29e903b81c85ec64d800af3652c4de42d4
212b40ce7f28d7399bd126ea5aca480c7c44c2034f30b3cad9572869903e4bd7
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
258ffeacbc4bcbdfc6667236a43d770a6236f18ff39700f37a4c64e92850d72a
27fab14198ee501fee429ec1be7048d0af1ae5ee2b24a7478729118914c2c726
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
29470aaf49d0c2871ba3acd7d2d8d0d3d5780b247648c7b01c690f03584c71a4
29901ae7864cb7a6e4cfa5389d060445b2eafd37dd5a72ee31be4718c7b207d1
2a647d79b31b4b19f30c795aac862bcf5b424731c732e239775127b8ac4aae0a
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c366efc13702d5bf379b6d5d072ff66fe1d602a6c3185ddd6d6009390fea0f5
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55
2da64b94dc40ee29ad81c7f1a48b37562a45151f71b227fd9234f2352f3b347f
2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
336f1ee20897b74eae39c8469104c74e7e73fe9fff2c0ab488675ec759321de1
3373dca69883fd4d5298c955d822359a23e9c3658b63e06b483e251c10024f21
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36d48b0e122a1698e9501ed19b684dbc79d0e754d3ce390183d9f21433fb82eb
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3d2931b4c2530b3eb7be0d6a3f76160c8ade300ebbe9ded97aba80973b149351
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3df6841ce94cb68930c33babed8cffa02381f76ad02624ca61f0cd00ec52a81e
3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01
3fb80de836c28d0fa5a7ff018dc5f6280b6212df5817001900251f1cbfa0d113
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40e2c6351168bf86a17a2468c0482dd8602696e5fed9cbc4da4c58f19e67f6c4
41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
446960d738c0cbc761a215d48853920b79bfd23568fd20ec0e06495b54dd01d6
45d975f40037989634e600e6197fa2aca146ea43ab225d8f7e47d918b1dbdd49
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd
468d651dd9a11e2a70cc5d85a3aa9316ddd6937e398f1111acaa110693116e8b
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ce34a632b30baf27bb6f27ecc7d4e3ba4b81b7e9ce953a0d1a2ddf2d8a94d64
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580
5042f25c3eb1530880fa3b05325462c028492caf22141409999cdd7e6364b8ba
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5619110a07afdd4cfd402a61b90d39bcacf0e30828f102e0f47b2798963df26b
58e2951cc7b1da5d75691227b26936001c5854209d2592d151803bfe03592cdf
596040c64e8754089e1dcaed49da9be58ba538ede4879ca13ee0d78828bed19d
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5c3afbf6dab5fbbeb2e281b49511fb98b6b6768745af2a5f29dae6465971396e
5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c
5fa0e87692bef096dfd735b2c3d345eb9967633438beb7989a96009e9f480f19
6046941efa0656622a5f07faee34cc197eafa53b446e6114bdc7b3e9a1af7023
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
62ec898619d3d5d8a54961bcf98740e0d129146fd4213dd06c8d8a515ec226a7
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea
6500d7a0dc9943c702e2cd2f97cf3e07117407fad545bc7a7e2b97088d4f8692
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7
6a59b3b2b9adb8fdab08c5a194bed57c4dedc9e9e5f3f886fba7eb63be329602
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0
6c95865bdf42646146cd2475b0a8a4969d1588d6d95dd3ee39aeb824e36e2723
6e3b5e7774c307c8a6b26e5597f84c8a2f7e8554a703de15af4868e1e526002f
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
732ecd65c3d8793bf3f37051792069dbf3ebd29bc1faa6522182e8ad726ee2ad
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
78ba6bd2efa79d34a907d6b84276e1493803b29b72e9985afe618deea1fb518b
78ccdfc7ae4727d5852f06d0e2c21439af3b35259531b51f6bd649556b44ce7c
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf
7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b
8015a89c7e50b71a6597cfc7bc2be462212ae1f57c37e40878a79e7550768ccd
821d9142322d8a997086caa9741b768839d0d7c53f92e15929d611b94aa6f4ad
822c5bdec60b760e2b487ae04cde059cc9f20dd7c68284efbf8a1e752311272a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84a5b63538c9d121742bdd65c64a29dfadef478bf3f634d5facf297d5011a6ca
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
86820e93561ef23be7da69650fc742c9fd33c9c6d3127ecbc5a817e4db27eef9
86fdc32a64560114e795e92ee856d31e4883ded41406d680e152c27980092cf2
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
904dea2fcdbd8ecb335da751b9526073a48c967188262cf98d3729317567366d
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd
9310c3290722edb39dfc8e9065d9b52f8629a7d969e42868f0eac42b9b7edf3a
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
95cb66d2491b693be207cbde51eca93eaf58724f450ca3b5d0f7175eb695ff0a
974feb3b255709419aa9d75228aee116a3a57e4fec91ee42cdceea855b198530
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74
98abe3e9a44213d55d9e1e7efd70a300e2962d60d0f7b275680a69649a12173e
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99fa487ff6a7f0b6d82e03ad41034c7ba1cb6c24a0f7d07c18976662d1a416d0
9e3f824116bf1ec3acc0dd7c003055cfb201ab314633e5874a4c4df752bfa018
a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a33791a01b7980d9b9a88a3e5c7bac125fff41fe237c092761fbb39a28764e29
a37afa4795c0cede82ad0f73f60eafee5e13f6fb3d42a739354d9280966fe434
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a440f79bde57295a7e4aca47491ccc4e78276e5fa6e45dcf6950b4505b73910d
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5c6db4b3bc25eee635355573d9cbd9be7e8f40b0f56f350eafa8a0f0c0213b5
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9b7eb39b0116aea2f9b24e88501676c174481b0e4775caa9a13a81609d719cd
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
affff4f3ff5172af7bae54310f79b9fb990fba71ca0d6fa4531a5da12bc67e63
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b19ed6f6f0d9f58ca899fb554fa2799f0dc313ea37ed6f5cb5bb226b6e901494
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55
b77a28e8a0577938555b03d80158bdfdb945154afde9e0b460752f5f7db74c35
b7912b3e6a6e50cd3a18d24e639fccd0a1d30042b2dd8466f046a21b0ecbcf51
b7aaea908b866c1619b9bf156a002c22b717a771bf22d9a2965151f9cf969670
b82939ffc1abe715c87c6b2dfe5f8f9864120c85984e1b953cd1863d140379f4
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
be89dc987b295bbe3aa422b18e9a5a7b5071743e80d64a0f803aeb94c2f1b364
c11ba090b410063c755ddd6a7023319e23ba732728f1b7467d5c2a9074b33103
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c366739857e0e96300b414d273c43e63595c5c1a655452348ff9b6079480893d
c61539bd8825c858c738117d09f38aabcb3d229f55d6c2f0d9590f5147a30b5e
c6b6f00ee05a1c3c9a6b36fc360ae5b28f0c2ae93742d04c570b2860b7dd37ab
c6c4147f80da55b9177793bae26fb3124c29c619ba0029896e98af3038eff0c4
c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517
c9d6a2a58b9c7f4ee284526ef182398d1686c5de84286fd58ae111b172d4d456
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf3e0af34996fa015664fc06f5ace11387f23230f049d7262fb6b44ed00790e7
cf624cca88c1828e4dc1a61151d2ce6e826191ba2223f4cf4cdacc1d8a52981b
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d1f38be7ca89984280dc50b1f11908e986924b20229a486071f7d225562e3e35
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
d56518b04c5ed836ec77b2ab5cd502b4b53f341072449ec065a80dc3d8b3ee0f
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
d74b681a36d8b36349fe6792610e52898762d4ef25e9bebef8346c27a5394f88
dba466c43a288cc89aa2166d63cd97219a544b6fadb70508323701819052dbb3
dd374d780cdf98511afffc1e7c421d37fc59771b6317086c2d7f2bc4ca321f0f
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df55b357ed0056f2363a6bb015036e7251bd01c320f8f544c8edae00a1467cd8
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e14bf2515da158c68dc4dc46c6b4af1c73fe2e3ba8fba3524881880d0628a990
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e298a771bf168d9527f16852278457046395969089f365956e1a6fe81a66ff0a
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e951b97967974edc90373c03310475fdccaa7dc588c26a1cef531468ee65ba8c
e99fc6b4bdc590600048d586a940b5dcba666ff9478ca9e8d83998efb82a6df5
ebdcbde41345b58eb479d9dc338ab596a8476f7114db997c1f6f116177a4a12a
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206
f4af4128fc5aab9d5276da9d30a452f5a7ddca4e8230babdca0cd2abe0e3b416
f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
f9bf0a7c93552b516a12d0de482da5a5c0cca521bef71ee8bfa3961316e598f7
fb0dcdaaeb7111c27b3087fa2317998bd05ea0c4bc1d169add4dcbe8bba4f48b