threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Submission: On April 24 via api (April 24th 2021, 3:06:26 am UTC) from US

Summary HTTP 222 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 64 IPs in 9 countries across 58 domains to perform 222 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 10th 2020. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
3	13.33.139.65 13.33.139.65	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700:303... 2606:4700:3037::6815:fad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 13	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
8	2600:9000:215... 2600:9000:215d:f800:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
11	2600:9000:206... 2600:9000:206f:600:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
9	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
3	143.204.247.127 143.204.247.127	16509 (AMAZON-02) (AMAZON-02)
1 11	151.101.114.137 151.101.114.137	54113 (FASTLY) (FASTLY)
6	151.101.14.137 151.101.14.137	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1 2	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:215d:e200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:400c:c0d::9c	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
17	3.136.53.133 3.136.53.133	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	2a03:2880:f03... 2a03:2880:f03d:12:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.113.140 151.101.113.140	54113 (FASTLY) (FASTLY)
1 8	52.95.124.165 52.95.124.165	16509 (AMAZON-02) (AMAZON-02)
2 8	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:fa8:8806... 2a02:fa8:8806:16::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
3	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	185.33.221.50 185.33.221.50	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	3.121.70.57 3.121.70.57	16509 (AMAZON-02) (AMAZON-02)
7 9	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
2 4	52.30.186.230 52.30.186.230	16509 (AMAZON-02) (AMAZON-02)
1	72.21.206.140 72.21.206.140	16509 (AMAZON-02) (AMAZON-02)
1 1	54.74.23.153 54.74.23.153	16509 (AMAZON-02) (AMAZON-02)
1	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
1 1	3.91.110.183 3.91.110.183	14618 (AMAZON-AES) (AMAZON-AES)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 5	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	213.155.156.166 213.155.156.166	1299 (TELIANET ...) (TELIANET Telia Carrier)
14	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 3	52.209.246.140 52.209.246.140	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:1957	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
2 2	35.201.96.126 35.201.96.126	15169 (GOOGLE) (GOOGLE)
1	185.64.189.249 185.64.189.249	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	37.157.4.24 37.157.4.24	198622 (ADFORM) (ADFORM)
2 2	185.29.135.227 185.29.135.227	30419 (MEDIAMATH...) (MEDIAMATH-INC)
4 4	52.57.230.211 52.57.230.211	16509 (AMAZON-02) (AMAZON-02)
2 2	54.154.113.1 54.154.113.1	16509 (AMAZON-02) (AMAZON-02)
1 2	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1	185.64.190.81 185.64.190.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
3 4	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
1 1	159.65.196.12 159.65.196.12	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2 2	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
1	159.253.128.183 159.253.128.183	36351 (SOFTLAYER) (SOFTLAYER)
1 1	34.98.107.212 34.98.107.212	15169 (GOOGLE) (GOOGLE)
1 1	185.33.220.241 185.33.220.241	29990 (ASN-APPNEX) (ASN-APPNEX)
3	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4000:814::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:2a::8	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
6	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c07::8a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
222	64

18 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.33.139.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-139-65.cph50.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3037::6815:fad (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:215d:f800:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:206f:600:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f162.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.247.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-247-127.cph50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 151.101.114.137 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lit.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.14.137 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:215d:e200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0d::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 3.136.53.133 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-136-53-133.us-east-2.compute.amazonaws.com

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f03d:12:face:b00c:0:2 (United States)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.95.124.165 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:16::1370 (United States)

ASN41041 (VCLK-EU-SE, US)

amazon-tam-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.230.142 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.50 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.70.57 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-70-57.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.74.194 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.30.186.230 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-186-230.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.21.206.140 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: 206-140.amazon.com

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.74.23.153 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-74-23-153.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.91.110.183 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-91-110-183.compute-1.amazonaws.com

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

cm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.165 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.166 (Sweden) 2 redirects

ASN1299 (TELIANET Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.209.246.140 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-246-140.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:1957 (United States)

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.60.138 (Aalborg, Denmark) 1 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.249 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.24 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.135.227 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.57.230.211 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.154.113.1 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

r.scoota.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.114.49 (Frankfurt am Main, Germany) 3 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.65.196.12 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.25 (Portsmouth, United Kingdom) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.253.128.183 (Amsterdam, Netherlands)

ASN36351 (SOFTLAYER, US)
PTR: b7.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.107.212 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.220.241 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4000:814::2003 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:2a::8 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

r2---sn-4g5e6ne6.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c07::8a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

s.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	threatpost.com threatpost.com assets.threatpost.com media.threatpost.com	703 KB
34	connatix.com 1 redirects cd.connatix.com cds.connatix.com capi.connatix.com lit.connatix.com vid.connatix.com img.connatix.com	2 MB
29	doubleclick.net 8 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net pubads.g.doubleclick.net googleads.g.doubleclick.net ad.doubleclick.net	143 KB
20	pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com aud.pubmatic.com image4.pubmatic.com	41 KB
19	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	93 KB
12	amazon-adsystem.com 1 redirects c.amazon-adsystem.com aax-eu.amazon-adsystem.com s.amazon-adsystem.com	39 KB
11	google.com www.google.com adservice.google.com	19 KB
10	rubiconproject.com 4 redirects eus.rubiconproject.com token.rubiconproject.com pixel-eu.rubiconproject.com pixel.rubiconproject.com	15 KB
8	casalemedia.com 2 redirects ssum-sec.casalemedia.com dsum-sec.casalemedia.com	9 KB
8	gstatic.com www.gstatic.com csi.gstatic.com	1 MB
7	admetricspro.com qd.admetricspro.com	325 KB
6	googleapis.com imasdk.googleapis.com	1 MB
4	everesttech.net 3 redirects sync-tm.everesttech.net	1 KB
4	yahoo.com 3 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	3 KB
4	bidswitch.net 4 redirects x.bidswitch.net	2 KB
4	adsrvr.org 2 redirects match.adsrvr.org	1 KB
4	adnxs.com 4 redirects ib.adnxs.com secure.adnxs.com	4 KB
3	bidr.io 2 redirects match.prod.bidr.io	2 KB
3	google-analytics.com www.google-analytics.com	19 KB
3	adlightning.com tagan.adlightning.com	54 KB
2	youtube.com s.youtube.com
2	googlevideo.com 1 redirects r2---sn-4g5e6ne6.googlevideo.com	1020 KB
2	sitescout.com 2 redirects pixel-sync.sitescout.com	947 B
2	scoota.co 2 redirects r.scoota.co	1 KB
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	adform.net 2 redirects c1.adform.net	1 KB
2	fiftyt.com 2 redirects visitor.fiftyt.com	994 B
2	semasio.net 1 redirects uipglob.semasio.net	1 KB
2	de17a.com 2 redirects d5p.de17a.com	637 B
2	3lift.com 2 redirects eb2.3lift.com	744 B
2	dotomi.com amazon-tam-match.dotomi.com pubmatic-match.dotomi.com	103 B
2	quantserve.com 1 redirects secure.quantserve.com pixel.quantserve.com	9 KB
1	googleadservices.com www.googleadservices.com
1	ggpht.com yt3.ggpht.com	2 KB
1	2mdn.net s0.2mdn.net	17 KB
1	rlcdn.com id.rlcdn.com	42 B
1	playground.xyz 1 redirects ads.playground.xyz	485 B
1	simpli.fi um.simpli.fi	611 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	550 B
1	turn.com 1 redirects ad.turn.com	518 B
1	zeotap.com mwzeom.zeotap.com	596 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	501 B
1	criteo.com dis.criteo.com	304 B
1	ctnsnet.com 1 redirects cm.ctnsnet.com	236 B
1	cognitivlabs.com 1 redirects beacon.lynx.cognitivlabs.com	378 B
1	bttrack.com bttrack.com	380 B
1	adroll.com 1 redirects d.adroll.com	112 B
1	reddit.com www.reddit.com	1 KB
1	linkedin.com www.linkedin.com
1	facebook.com graph.facebook.com	593 B
1	twitter.com analytics.twitter.com	285 B
1	google.de www.google.de	107 B
1	t.co t.co	170 B
1	quantcount.com rules.quantcount.com quantcount.com Failed	357 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googletagmanager.com www.googletagmanager.com	51 KB
1	kasperskycontenthub.com kasperskycontenthub.com	398 B
1	googletagservices.com www.googletagservices.com	21 KB
222	58

	Domain	Requested by
17	capi.connatix.com	cd.connatix.com
17	threatpost.com	threatpost.com
11	pagead2.googlesyndication.com	srcdoc tpc.googlesyndication.com
11	media.threatpost.com	threatpost.com
9	googleads.g.doubleclick.net	1 redirects
9	simage2.pubmatic.com	ads.pubmatic.com
9	cm.g.doubleclick.net	7 redirects aax-eu.amazon-adsystem.com
9	vid.connatix.com	cd.connatix.com
8	aax-eu.amazon-adsystem.com	1 redirects tagan.adlightning.com aax-eu.amazon-adsystem.com ssum-sec.casalemedia.com ads.pubmatic.com
8	assets.threatpost.com	threatpost.com assets.threatpost.com
7	pubads.g.doubleclick.net	imasdk.googleapis.com
7	qd.admetricspro.com	threatpost.com qd.admetricspro.com
6	ade.googlesyndication.com
6	imasdk.googleapis.com	cd.connatix.com imasdk.googleapis.com
6	www.google.com	threatpost.com tagan.adlightning.com www.gstatic.com www.google.com
5	adservice.google.com	imasdk.googleapis.com
5	image2.pubmatic.com	ads.pubmatic.com
5	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
5	www.gstatic.com	www.google.com
4	sync-tm.everesttech.net	3 redirects aax-eu.amazon-adsystem.com
4	x.bidswitch.net	4 redirects
4	token.rubiconproject.com	3 redirects aax-eu.amazon-adsystem.com
4	match.adsrvr.org	2 redirects ssum-sec.casalemedia.com aax-eu.amazon-adsystem.com
3	csi.gstatic.com	imasdk.googleapis.com
3	pixel.rubiconproject.com	aax-eu.amazon-adsystem.com
3	match.prod.bidr.io	2 redirects ads.pubmatic.com
3	ib.adnxs.com	3 redirects
3	ads.pubmatic.com	aax-eu.amazon-adsystem.com ads.pubmatic.com
3	ssum-sec.casalemedia.com	1 redirects aax-eu.amazon-adsystem.com ssum-sec.casalemedia.com
3	img.connatix.com	threatpost.com www.googletagservices.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com threatpost.com
3	cds.connatix.com	threatpost.com tagan.adlightning.com cd.connatix.com
3	c.amazon-adsystem.com	qd.admetricspro.com c.amazon-adsystem.com
3	tagan.adlightning.com	threatpost.com tagan.adlightning.com
2	s.youtube.com	blank
2	tpc.googlesyndication.com	imasdk.googleapis.com tpc.googlesyndication.com
2	r2---sn-4g5e6ne6.googlevideo.com	1 redirects
2	pixel-sync.sitescout.com	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	pr-bh.ybp.yahoo.com	1 redirects ads.pubmatic.com
2	r.scoota.co	2 redirects
2	sync.mathtag.com	2 redirects
2	c1.adform.net	2 redirects
2	visitor.fiftyt.com	2 redirects
2	uipglob.semasio.net	1 redirects ads.pubmatic.com
2	d5p.de17a.com	2 redirects
2	eb2.3lift.com	2 redirects
2	eus.rubiconproject.com	aax-eu.amazon-adsystem.com eus.rubiconproject.com
2	securepubads.g.doubleclick.net	www.googletagservices.com tagan.adlightning.com
1	www.googleadservices.com
1	ad.doubleclick.net
1	yt3.ggpht.com
1	s0.2mdn.net	imasdk.googleapis.com
1	id.rlcdn.com	aax-eu.amazon-adsystem.com
1	pixel-eu.rubiconproject.com	1 redirects
1	secure.adnxs.com	1 redirects
1	ads.playground.xyz	1 redirects
1	um.simpli.fi	ads.pubmatic.com
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	match.adsby.bidtheatre.com	1 redirects
1	ad.turn.com	1 redirects
1	pixel.quantserve.com	1 redirects
1	image4.pubmatic.com	ads.pubmatic.com
1	aud.pubmatic.com	ads.pubmatic.com
1	mwzeom.zeotap.com	ads.pubmatic.com
1	dsp.adfarm1.adition.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	image6.pubmatic.com	ads.pubmatic.com
1	cm.ctnsnet.com	1 redirects
1	beacon.lynx.cognitivlabs.com	1 redirects
1	bttrack.com	ssum-sec.casalemedia.com
1	d.adroll.com	1 redirects
1	s.amazon-adsystem.com	ssum-sec.casalemedia.com
1	amazon-tam-match.dotomi.com	aax-eu.amazon-adsystem.com
1	lit.connatix.com	cd.connatix.com
1	www.reddit.com	threatpost.com
1	www.linkedin.com	threatpost.com
1	graph.facebook.com	threatpost.com
1	analytics.twitter.com	tagan.adlightning.com
1	www.google.de	threatpost.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	t.co	threatpost.com
1	rules.quantcount.com	secure.quantserve.com
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.googletagmanager.com	threatpost.com
1	kasperskycontenthub.com	threatpost.com
1	cd.connatix.com	1 redirects
1	www.googletagservices.com	threatpost.com
0	quantcount.com Failed	secure.quantserve.com
222	90

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
www.intego.com
attendee.gotowebinar.com
t.co
indd.adobe.com

Subject Issuer	Validity	Valid
threatpost.com DigiCert SHA2 Secure Server CA	`2020-06-10` - `2021-06-15`	a year	crt.sh
*.adlightning.com Amazon	`2020-07-22` - `2021-08-22`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-10` - `2021-08-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
assets.threatpost.com Amazon	`2021-02-04` - `2022-03-05`	a year	crt.sh
media.threatpost.com Amazon	`2021-02-04` - `2022-03-05`	a year	crt.sh
www.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2020-09-29` - `2021-10-19`	a year	crt.sh
kasperskycontenthub.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2021-06-09`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2021-02-17` - `2021-08-16`	6 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-07-06`	6 months	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2021-04-09` - `2022-03-20`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-01` - `2022-04-04`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2020-08-28` - `2021-08-20`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-29` - `2022-03-29`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.match.prod.bidr.io Amazon	`2021-02-26` - `2022-03-27`	a year	crt.sh
*.semasio.net GlobalSign GCC R3 DV TLS CA 2020	`2021-03-09` - `2022-04-10`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-10-30` - `2021-04-27`	6 months	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.googleusercontent.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.c.docs.google.com GTS CA 1O1	`2021-04-13` - `2021-06-22`	2 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh

This page contains 31 frames:

Primary Page: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Frame ID: D4D790B7BD735BABB31D77DAC48B0178
Requests: 76 HTTP requests in this frame

Frame: https://cds.connatix.com/p/114866/connatix.player.dc.js
Frame ID: EDDB541F011C6F5533B54E3B355A1F56
Requests: 34 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=dpzVjBAupwRfx3UzvXRnnAKb&theme=light&size=normal&cb=wckugumhohv6
Frame ID: 9E68ADABCE0C3AD1E5C911E0954F8209
Requests: 5 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=dpzVjBAupwRfx3UzvXRnnAKb&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=j0z4wkwvbly4
Frame ID: 9322EAE51236D715484486E904AD0E74
Requests: 3 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_cnv_an-db5_3lift&dcc=t
Frame ID: DDF8E08273E1043D9C4CB48541E979DD
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Frame ID: 191654BAC6C709010C5623C3998B798F
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Frame ID: 6897539853748938E84AF2C694F96D2C
Requests: 10 HTTP requests in this frame

Frame: https://amazon-tam-match.dotomi.com/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D
Frame ID: 43C86EE5175B4FF5455A2DB9742B7D6F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Frame ID: F5F9671CA474099DA7152B08EBE4815C
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Frame ID: 2B418DB915E46311E127A9D809E2C527
Requests: 12 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?id=4195336843414698414&ex=appnexus.com
Frame ID: 497D47FDAB0C61B46907BA986B1D66C6
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=5165561730560935737
Frame ID: AD5D599E313802DB2A26C0C7A0878E5F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 6CF099984CC8326735D9FD58EDE3F629
Requests: 22 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7277977192404791427
Frame ID: 69AFCF6D2FC4EB9BFEB90EB584F550ED
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: C2233ADB54C3B6A2EF7F1A6F32BD322A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6954555206264092814
Frame ID: C672753FAFE4F1CB212420332906760C
Requests: 1 HTTP requests in this frame

Frame: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Frame ID: F86006FDA1B57597D7744D20D34533A3
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?id=511A2743-6F0D-449F-9951-8F18C16D51E5&ex=pubmatic.com
Frame ID: A655935E7A303A9B1B4689E001A7FBB2
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html
Frame ID: F970E043254E10136B47B2F1743F4A5B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 6E3D6608FB43CEC987CD1B3FEF4276EA
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html
Frame ID: 0891DC7FB13813F3C66F1BD545B21B41
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 8649E34C52E177B45349882E799A20D0
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html
Frame ID: 2EAB4510E5F1A00822EB59A03BE26636
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 316A3CAF2C1A835CCEC1615CBD2E002C
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html
Frame ID: E6CE0C9C45D104588BCC756FCBB1B87B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: A1551CA3347F220C7619FC821ED9ED32
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html
Frame ID: E5E68E0B2AC732BFF967C436701A482C
Requests: 28 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 14B4FB97FF8277C3AA78E9C4367E969A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Frame ID: 8281B1CD74FBDC6D0D3B8B46C924B994
Requests: 3 HTTP requests in this frame

Frame: https://s.youtube.com/api/stats/playback?ns=yt&fexp=44738437%2C44739826&el=adunit&cpn=YxBUPOmm-hLPYKeo&docid=AR7jBzqhGL0&ver=2&cmt=0.169&fmt=18&rt=0.000&adformat=2_2_1&euri=https%3A%2F%2Fthreatpost.com%2F&len=20.016&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=89.0.4389.72&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop&mos=1&volume=0&delay=18&rtn=10
Frame ID: BC14B996B22755CCD8D126A038E5F54B
Requests: 1 HTTP requests in this frame

Frame: https://s.youtube.com/api/stats/watchtime?rti=10&st=0.000&et=10.169&rtn=20.000&ns=yt&fexp=44738437%2C44739826&el=adunit&cpn=YxBUPOmm-hLPYKeo&docid=AR7jBzqhGL0&ver=2&cmt=10.169&fmt=18&rt=10.000&adformat=2_2_1&euri=https%3A%2F%2Fthreatpost.com%2F&len=20.016&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=89.0.4389.72&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop
Frame ID: C84A7513559E51EC5ED2D5F9C9789F27
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Page Statistics

222
Requests

100 %
HTTPS

37 %
IPv6

58
Domains

90
Subdomains

64
IPs

9
Countries

6295 kB
Transfer

11977 kB
Size

3
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://www.intego.com/mac-security-blog/new-mac-malware-reveals-google-searches-can-be-unsafe/
Title: a posting

Search URL Search Domain Scan URL

URL: https://attendee.gotowebinar.com/register/3265005683762389007?source=ART
Title: June 24 at 2 p.m. ET

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23Ransomware
Title: #Ransomware

Search URL Search Domain Scan URL

URL: https://t.co/rX0HIGpyvj
Title: https://t.co/rX0HIGpyvj

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost
Title: Follow @threatpost

Search URL Search Domain Scan URL

URL: https://indd.adobe.com/view/01579c19-a6ca-4cb0-8106-ed4d5d02a292
Title: Advertise With Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://cd.connatix.com/connatix.player.js HTTP 302
https://cds.connatix.com/p/114866/connatix.player.dc.js

Request Chain 95

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_cnv_an-db5_3lift HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_cnv_an-db5_3lift&dcc=t

Request Chain 103

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID HTTP 302
https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1

Request Chain 107

https://ib.adnxs.com/getuid?https://aax-eu.amazon-adsystem.com/s/ecm3?id=$UID&ex=appnexus.com HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?id=4195336843414698414&ex=appnexus.com

Request Chain 108

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=5165561730560935737

Request Chain 111

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YIOLHB6HFwXnV0p6jJiw6gAABJQAAAAB HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YIOLHB6HFwXnV0p6jJiw6gAABJQAAAAB&google_tc= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESECwDYPElz0c8S6V4hQK_vfA&google_cver=1

Request Chain 112

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YIOLHB6HFwXnV0p6jJiw6gAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKNyFD2QV5pxqPRumDReQ3Y&google_cver=1

Request Chain 115

https://d.adroll.com/cm/index/ssp HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0

Request Chain 117

https://beacon.lynx.cognitivlabs.com/ix.gif HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=75e79a3f-9442-48f8-877f-566bb5a72183&expiration=1650769565

Request Chain 118

https://cm.ctnsnet.com/int/cm?exc=19 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=9dede8ea2ed4444d9e008a5e9292c83a&expiration=1621825565

Request Chain 122

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7277977192404791427

Request Chain 124

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6954555206264092814

Request Chain 125

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFJbWdVN0JCeFlBQUNxdThXVklxQQ&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1

Request Chain 127

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=URonQ28NRJ-ZUY8YwW1R5Q%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 129

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=511A2743-6F0D-449F-9951-8F18C16D51E5&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=511A2743-6F0D-449F-9951-8F18C16D51E5&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 130

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=511A2743-6F0D-449F-9951-8F18C16D51E5&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=511A2743-6F0D-449F-9951-8F18C16D51E5&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=511A2743-6F0D-449F-9951-8F18C16D51E5&addseg=19,36,42

Request Chain 131

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=44ca770a-f057-43ff-9f8b-412d854f9e50

Request Chain 132

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=5846345242757176151

Request Chain 133

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEO62mtRBssFIbXKRVDd5P9g&google_cver=1

Request Chain 134

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:044c6083-8b1d-4000-91da-5423b908fbdb&gdpr=0&gdpr_consent=

Request Chain 135

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4195336843414698414&gdpr=0&gdpr_consent=

Request Chain 136

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=ec91e464-f219-499d-9d2d-6081d25df0ee&ssp=pubmatic HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=29&expires=30&user_id=ec91e464-f219-499d-9d2d-6081d25df0ee&ssp=pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=882492ba-7d3f-42bd-b6cd-8f6e1be7172d&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 138

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=511A2743-6F0D-449F-9951-8F18C16D51E5&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=511A2743-6F0D-449F-9951-8F18C16D51E5&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-adeSOJNE2uVoPiAGptz3cKhMO28JqOw-~A&gdpr=0&gdpr_consent=

Request Chain 139

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=4_eTe-2lmiz48pJw4fKGeOX3mXn48Ml84qUysqiM

Request Chain 140

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2327924657810071314&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 141

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YIOLHgAAbWyABQA4 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YIOLHgAAbWyABQA4&gdpr=0&gdpr_consent=&_test=YIOLHgAAbWyABQA4

Request Chain 142

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:90e501b0-c5fc-4b75-bac3-fbc0d92e093b&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 143

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=a3dd7a01-1f0c-4ad7-b1ff-12a2c83b126c-60838b1d-4348&gdpr=0&gdpr_consent=

Request Chain 146

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4195336843414698414

Request Chain 147

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=a9eu HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?id=KNV5UV8E-K-L48F&ex=d-rubiconproject.com&status=ok

Request Chain 148

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YIOLHgAAa3WYNAAC

Request Chain 149

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Y2ZjOTQ0OWU0MGM1Y2JjZmIyZmY5MzNiNTQ4YjljMDFjMmZjMDhiNQ

Request Chain 150

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=a8a36083-8b1d-4c00-916f-3cfdccd810de

Request Chain 151

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEDuqn9jpjmcrKo2VNJRHx3w&google_cver=1

Request Chain 153

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05WNVVWOEUtSy1MNDhG

Request Chain 154

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/G_X0P9aM1FFEBHSc8s4_-Q?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7756146004115048338

Request Chain 186

https://r2---sn-4g5e6ne6.googlevideo.com/videoplayback?expire=1619262370&ei=IouDYLqEJN2Fx_APxte1sAk&ip=89.187.165.152&id=011ee3073aa118bd&itag=18&source=youtube&requiressl=yes&mh=6F&mm=31&mn=sn-4g5e6ne6&ms=au&mv=m&mvi=2&pl=24&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=20.062&lmt=1610633152863037&mt=1619233237&txp=5530432&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgC3Lcg2VMGCepXU8D9zQsRujst4vgMNR9xu1U_GTJMVkCIQDlFLF10VhXfpytVal1IF3icpqOSmu7sOsKH5i9B_jLXw==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAKGpaXfEDxOZ1Q6RB9eSqg8ylRmS8dX2Zl9FgKcufobLAiA7VgIm9zQsenqdheu30QBURjWnA1bjObA1p1scYyNfcw==&cpn=YxBUPOmm-hLPYKeo HTTP 302
https://r2---sn-4g5e6ne6.googlevideo.com/videoplayback?expire=1619262370&ei=IouDYLqEJN2Fx_APxte1sAk&ip=89.187.165.152&id=011ee3073aa118bd&itag=18&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=20.062&lmt=1610633152863037&txp=5530432&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgC3Lcg2VMGCepXU8D9zQsRujst4vgMNR9xu1U_GTJMVkCIQDlFLF10VhXfpytVal1IF3icpqOSmu7sOsKH5i9B_jLXw==&cpn=YxBUPOmm-hLPYKeo&redirect_counter=1&rm=sn-4g5ell7l&req_id=c7b480e16aec36e2&cms_redirect=yes&ipbypass=yes&mh=6F&mip=2a01:4f8:192:5414::2&mm=31&mn=sn-4g5e6ne6&ms=au&mt=1619233481&mv=m&mvi=2&pl=50&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgJtAPr-n1eI1-Ci65enkpt3rAtJ5jGyVAHB9AjwuBV_oCICEAoSXctplSAQZfm-Dp4i0MSw1mQBV39qDtNbTfce4Y

Request Chain 218

https://googleads.g.doubleclick.net/aclk?sa=l&ai=CmvfdIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgS0Ak_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX3CKp3_Am8Er2neP6e_Ex3tBSOCPGly9-z6u-IGQ83NPUcWX4OXMABhDo4J-ow7W45q_MyXjuLN_UAM34khTUj2e2xSgKrlkdZNXKLD29znru2Kw-9WV2dWVNiWYvlyelnn2S11v-15WFbIDjT3iBoETQYq7PNM69QvTGpZ1t2_4e7s6sLAblz_bM4Ch0Jlffo5lURlNjd3fPdfyiE5KogxxZrtXXGsLVIloIdEWw1AKfxPKvpBWHtk1M4zhK-uwwASflePdzAPgBAGIBbju6rcvkgUGCAMQAhgBoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2mglCaHR0cHM6Ly93d3cucGhpbGlwcy5kZS9jLW0tcGUvb25lYmxhZGUtdHJpbW1lbi1zdHlsZW4tdW5kLXJhc2llcmVusQmaNczM7uQcZYAKA8gLAdALD-ALAbgMAbATyo-cC9gTAtgUAagWAQ&num=1&sig=AOD64_0g1pX0r8D1sKyNIh6qN4_caZSknQ&client=ca-pub-7379978810940306&adurl=https://ad.doubleclick.net/ddm/trackclk/N485604.3473192DV360_PH_DE/B25168070.292863583%3Bdc_trk_aid%3D486148734%3Bdc_trk_cid%3D144204931%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bgdpr%3D%24%7BGDPR%7D%3Bgdpr_consent%3D%24%7BGDPR_CONSENT_755%7D&ctype=110&label=video_10s_engaged_view&ad_mt=10169&acvw=sv%3D894%26cb%3Dj%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26p0%3D974,1199,1199,1599%26p1%3D974,1199,1199,1599%26p2%3D974,1199,1199,1599%26tos%3D10242,0,0,0,0%26mtos%3D10242,10242,10242,10242,10242%26amtos%3D0,0,0,0,0%26mtos1%3D5239,0,0%26mtos2%3D5000,0,0%26mcvt%3D10242%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26a2%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10242%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2119%26pst%3D271%26dur%3D20015%26vmtime%3D10168%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26cs%3D16782099%26c%3D1%26c0%3D1%26c1%3D1%26c2%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D3,3,3,3,3%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D53%26emuc%3D0%26emb%3D53,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D-2147481601%26psa%3D0%26ptlt%3D1619233581224%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10242%26ss0%3D0.04%26ss1%3D0.04%26ss2%3D0.04&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.04%26t%3D1619233570761 HTTP 302
https://www.googleadservices.com/pagead/aclk?sa=L&ai=CJo4wIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgS0Ak_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX3CKp3_Am8Er2neP6e_Ex3tBSOCPGly9-z6u-IGQ83NPUcWX4OXMABhDo4J-ow7W45q_MyXjuLN_UAM34khTUj2e2xSgKrlkdZNXKLD29znru2Kw-9WV2dWVNiWYvlyelnn2S11v-15WFbIDjT3iBoETQYq7PNM69QvTGpZ1t2_4e7s6sLAblz_bM4Ch0Jlffo5lURlNjd3fPdfyiE5KogxxZrtXXGsLVIloIdEWw1AKfxPKvpBWHtk1M4zhK-uwwASflePdzAPgBAGIBbju6rcvkgUGCAMQAhgBwAVuoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2mglCaHR0cHM6Ly93d3cucGhpbGlwcy5kZS9jLW0tcGUvb25lYmxhZGUtdHJpbW1lbi1zdHlsZW4tdW5kLXJhc2llcmVusQmaNczM7uQcZYAKA8gLAdALD-ALAbgMAbATyo-cC9gTAtgUAagWAQ&num=1&client=ca-pub-7379978810940306&ctype=110&label=video_10s_engaged_view&ad_mt=10169&acvw=sv%3D894%26cb%3Dj%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26p0%3D974,1199,1199,1599%26p1%3D974,1199,1199,1599%26p2%3D974,1199,1199,1599%26tos%3D10242,0,0,0,0%26mtos%3D10242,10242,10242,10242,10242%26amtos%3D0,0,0,0,0%26mtos1%3D5239,0,0%26mtos2%3D5000,0,0%26mcvt%3D10242%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26a2%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10242%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2119%26pst%3D271%26dur%3D20015%26vmtime%3D10168%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26cs%3D16782099%26c%3D1%26c0%3D1%26c1%3D1%26c2%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D3,3,3,3,3%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D53%26emuc%3D0%26emb%3D53,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D-2147481601%26psa%3D0%26ptlt%3D1619233581224%26pngs%3D9s,14,15s%26veid%3Dxdi:0,amp:0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10242%26ss0%3D0.04%26ss1%3D0.04%26ss2%3D0.04&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.04%26t%3D1619233570761&cid=CAQSKQCNIrLMeTrl6dqPtECLlgyPD8kesuIdsua6B3Rl2SFL81XBM4ZZzuqb&dblrd=1&val=ChAyMjBiZWMwM2VkYzcwMGVmEK2WjoQGGgi4BnhA4PPRMyABKAE&sig=AOD64_055RnN9ZPVN_0pCITcTvAH2oBzzg&adurl=https://ad.doubleclick.net/ddm/trackclk/N485604.3473192DV360_PH_DE/B25168070.292863583%3Bdc_trk_aid%3D486148734%3Bdc_trk_cid%3D144204931%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bgdpr%3D%24%7BGDPR%7D%3Bgdpr_consent%3D%24%7BGDPR_CONSENT_755%7D

222 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/ 77 KB
20 KB 548ms
138ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

7f5a24dcfe7dcebdd7a0528b9b472e9ed77a94720bac3cc6a3ee91bb4441e2d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatpost.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Sat, 24 Apr 2021 03:06:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/156669>; rel="alternate"; type="application/json" <https://threatpost.com/?p=156669>; rel=shortlink
X-Frame-Options: SAMEORIGIN
X-Debug-Auth: off
X-Request-Host: threatpost.com
x-cache-hit: HIT
Content-Encoding: gzip

GET
H/1.1 200
OK main.css
threatpost.com/wp-content/themes/threatpost-2018/assets/css/ 253 KB
39 KB 412ms
139ms Stylesheet
text/css 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 41f3222c29889fb48f5dca1d481858e5339a759655510c256ef4edf56c80f7f5

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Connection: keep-alive
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:02 GMT
Content-Encoding: gzip
Last-Modified: Fri, 23 Apr 2021 09:01:11 GMT
Server: nginx
ETag: W/"60828cd7-3f2b8"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=604800 public
Connection: close
Expires: Sat, 01 May 2021 03:06:02 GMT

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 39 KB
14 KB 281ms
120ms Script
application/javascript 13.33.139.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-65.cph50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 612516365fd01d2eab054b01f74bf049689482adf689d60332447e670ca3d8d5

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: pnTFnBip6uwgNFib0c0naFUWdgYDNtLE
content-encoding: gzip
last-modified: Fri, 23 Apr 2021 04:32:09 GMT
server: AmazonS3
x-amz-cf-pop: CPH50-C2
etag: "f8f6c1f63d714d1097566fd51a44d806"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 576e9a9724e7cec0e8a2c29aba5de9d8.cloudfront.net (CloudFront)
cache-control: max-age=3600
date: Sat, 24 Apr 2021 03:06:02 GMT
accept-ranges: bytes
content-length: 14265
x-amz-cf-id: bKCw52nb9wmlws-lfScV8TaImy79qPhhjTae6i2hl5K81Wq7d80STA==
x-amz-meta-git_commit: 49c6f47

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 25 KB
3 KB 38ms
11ms Script
application/javascript 2606:4700:3037::6815:fad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:fad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbc688ea0af0051ff5a2e638a07cc36980f10deef3e1d0bdd069811768c6fe30

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 270
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09a370751200004ab5591a8000000001
last-modified: Fri, 05 Mar 2021 17:45:49 GMT
server: cloudflare
etag: W/"626e-5bccda7913385-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OjWsJkpocB7Q%2FCCmXtj6mvD8lXSKGKfvleftdayFXkSRm0pgvBqe8vxt%2BupvB0HlAbUTWB9V9nAQkFRBnWwTKGtz1kYsx9ikF1mPpg%2B0xC0U3%2BG5Fgj37toVveJdY7cb"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 644c1d01b9824ab5-FRA
expires: Sat, 24 Apr 2021 03:03:03 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 62 KB
21 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5b714db37b15f12751494535f3b0010aa0bcaa9db892dafaba7ae356e86187c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "851 / 673 of 1000 / last-modified: 1619215815"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21128
x-xss-protection: 0
expires: Sat, 24 Apr 2021 03:06:01 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 305 KB
82 KB 51ms
25ms Script
application/javascript 2606:4700:3037::6815:fad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:fad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73339d824e344121a3039b2e0e9c9353fb8132e005bb6d53249814c213520d5d

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 271
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09a370751200004ab532883000000001
last-modified: Tue, 06 Oct 2020 19:53:29 GMT
server: cloudflare
etag: W/"4c426-5b105f3f297c7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=O7nMXNFoHohhkk5oRtkAlNsOkwrGwI64%2B%2BEt8pIdmtzVazslfx%2FotYDWT7ZvYTN4QkfW0WWR0NqVs99oz9IOE5KEqkxR6v9La9Sn2NJnei7UK6VsUfTAAauD5URVOAbP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 644c1d01b9834ab5-FRA
expires: Sat, 24 Apr 2021 03:11:30 GMT

GET
H2 200 uspcmp.js Show response
qd.admetricspro.com/js/threatpost/ 148 KB
55 KB 44ms
19ms Script
application/javascript 2606:4700:3037::6815:fad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:fad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 271
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09a370751200004ab5e61e1000000001
last-modified: Sat, 08 Aug 2020 22:40:07 GMT
server: cloudflare
etag: W/"24e50-5ac65673cef1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XOLCVYIdaIDYewmX0UuvT90LcUtxvsNnxBtkJXEcVporbDdM3abz04xvj8m2eHKzZvLs4dRTK8aR9k34ue%2BlP4ISOY57CJMJGyfVr4hDDwU2%2BZy%2B%2BwYqgye%2Fjg%2Frxj8P"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 644c1d01b9854ab5-FRA
expires: Sat, 24 Apr 2021 03:11:30 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 275 B
461 B 38ms
13ms Script
application/javascript 2606:4700:3037::6815:fad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:fad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 270
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09a370751200004ab52e3bd000000001
last-modified: Sat, 08 Feb 2020 20:49:18 GMT
server: cloudflare
etag: W/"113-59e16a3cfb471-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Uz15w7HOAUbaQYMgIPfd9anGFa3SUUjvDwolsFw3s2DzTkPAsbOQRnMYyzmLPPLVpFq1ItZY6l8iYMdVbaqDk%2FNfiCpK7dlTiSQp4i7tHD42Le%2FFYPZSy21h3lbjQqpn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 644c1d01b9864ab5-FRA
expires: Sat, 24 Apr 2021 03:11:31 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 520 KB
144 KB 69ms
44ms Script
application/javascript 2606:4700:3037::6815:fad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:fad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5dec046e34be07896b049576ab815e325858284addd14fb16f61f7b1c119378

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 271
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09a370751400004ab514940000000001
last-modified: Thu, 15 Apr 2021 21:43:37 GMT
server: cloudflare
etag: W/"821d6-5c009c17ea754-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aCcY7THyJyx2z1FXr34Tf4%2FYA2Njp8QWvuP1MG0LlRI39RLtboO80Hjj07NM71f0y1VjWRv%2B7L8d%2Fj6ijxd6v73AfDA2NHjD7VtAlaov1KxVrMb7eJn62U03AEdhiKLS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 644c1d01b9874ab5-FRA
expires: Sat, 24 Apr 2021 03:07:42 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 33 KB
9 KB 38ms
13ms Script
application/javascript 2606:4700:3037::6815:fad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:fad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83c6bdb6c54b2fb90a204cf0279e2d868513572d0963ec534083902c1307844b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 271
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09a370751200004ab5208e2000000001
last-modified: Mon, 19 Apr 2021 20:48:42 GMT
server: cloudflare
etag: W/"83c9-5c059747d2d30-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2B10RF5LndJ3O2%2FkpATC9gDmvLiGiDpArlZHmK3BE0NMcJiYLOFS8OSMe6vnV9nfDNOqbXk%2BYEZlfXfKp70jfGw%2FdUheVleI6ZqYOmirKuWqsVsq6cKDJd%2BUddaFkQzq1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 644c1d01b9894ab5-FRA
expires: Sat, 24 Apr 2021 03:11:30 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 94 KB
19 KB 582ms
489ms Stylesheet
text/css 2600:9000:215d:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4669a1de

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:215d:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

72eaaf36ecf9e2e0757d5154ce285d44296ee79b32ea122953df2a1133c6f2fb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:02 GMT
content-encoding: gzip
x-amz-cf-pop: CPH50-C1
x-cache: Miss from cloudfront
content-length: 19117
x-cache-hit: HIT
last-modified: Fri, 23 Apr 2021 09:01:11 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 7a024d32abd1bf1da267d76e57a01fa1.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: OD4H9fsAD1A8JFe7OAMXQnJwCImOGiNbPA99oAPw8CYmRPjpSCFU4Q==
expires: Sat, 24 Apr 2021 17:16:42 GMT

GET
H/1.1 200
OK jquery-1.12.4-wp.js Show response
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 95 KB
37 KB 413ms
139ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Connection: keep-alive
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:02 GMT
Content-Encoding: gzip
Last-Modified: Fri, 23 Apr 2021 09:01:09 GMT
Server: nginx
ETag: W/"60828cd5-17a56"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800 public
Connection: close
Expires: Sat, 01 May 2021 03:06:02 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 177 KB
55 KB 669ms
577ms Script
application/x-javascript 2600:9000:215d:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/themes/threatpost-2018/assets/js/main.js,wp-content/themes/threatpost-2018/assets/js/loadmore.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=4669a1de

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:215d:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b0209d39595432d762f6ba2a81dc0bffa6a6e1ed9021ba24ffa06c3c7e4bcb02

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:02 GMT
content-encoding: gzip
x-amz-cf-pop: CPH50-C1
x-cache: Miss from cloudfront
content-length: 56256
x-cache-hit: HIT
last-modified: Fri, 23 Apr 2021 09:01:22 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 7a024d32abd1bf1da267d76e57a01fa1.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: BuHnaXd1ut1V259rC4hdZ7lbDwXRCoRj3QvrPDeB9K1DfqMrXKomeA==
expires: Sat, 24 Apr 2021 17:16:42 GMT

GET
H2 200 trojan-malware.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/01/22100148/ 126 KB
126 KB 53ms
10ms Image
image/jpeg 2600:9000:206f:600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/01/22100148/trojan-malware.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4edf4e4d19fa8ec8abf42e728012fb704a7d8e49a25bbf778b77abd20d90b8ce

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 04:32:03 GMT
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront), 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
last-modified: Wed, 22 Jan 2020 15:01:49 GMT
server: AmazonS3
age: 167640
etag: "3f035e1c9c491a99670f6755b2e8e29f"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, FRA56-C1
accept-ranges: bytes
content-length: 128905
x-amz-cf-id: x12grKvvf6Ng1cJ6fknZ5NKw0_yFvgW7DdbM__7imlasYdtOUdN2ng==
expires: Thu, 21 Jan 2021 15:01:48 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 396ms
396ms Script
application/x-javascript 2600:9000:215d:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/jquery.json.min.js&ver=4669a1de

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:215d:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:02 GMT
content-encoding: gzip
x-amz-cf-pop: CPH50-C1
x-cache: Miss from cloudfront
content-length: 926
x-cache-hit: HIT
last-modified: Fri, 23 Apr 2021 09:01:20 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 7a024d32abd1bf1da267d76e57a01fa1.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: 0RYcIR9a2ynMLlS1JARVmFI0Xw0bYWbyk67RBJaRoMzm1CrH78b4zw==
expires: Sat, 24 Apr 2021 17:16:43 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 34 KB
12 KB 962ms
137ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.4.17.15
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Connection: keep-alive
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Content-Encoding: gzip
Last-Modified: Fri, 23 Apr 2021 09:01:09 GMT
Server: nginx
ETag: W/"60828cd5-88c2"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800 public
Connection: close
Expires: Sat, 01 May 2021 03:06:03 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 7 KB
3 KB 389ms
387ms Script
application/x-javascript 2600:9000:215d:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/conditional_logic.min.js&ver=4669a1de

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:215d:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:03 GMT
content-encoding: gzip
x-amz-cf-pop: CPH50-C1
x-cache: Miss from cloudfront
content-length: 2685
x-cache-hit: HIT
last-modified: Fri, 23 Apr 2021 09:01:20 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 7a024d32abd1bf1da267d76e57a01fa1.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: Em9YKyENjq_6MiHEadGQyPvLKSSgq9kZ9YVh_IJuWqG0h-sr0fD_mw==
expires: Sat, 24 Apr 2021 17:16:42 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 5 KB
2 KB 395ms
393ms Script
application/x-javascript 2600:9000:215d:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/placeholders.jquery.min.js&ver=4669a1de

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:215d:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:03 GMT
content-encoding: gzip
x-amz-cf-pop: CPH50-C1
x-cache: Miss from cloudfront
content-length: 1747
x-cache-hit: HIT
last-modified: Fri, 23 Apr 2021 09:01:09 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 7a024d32abd1bf1da267d76e57a01fa1.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: fSQmG9CyKmyH5I_JqyqZw5UFkmtkaXaKDLpODsryeqItB3YgitkAxw==
expires: Sat, 24 Apr 2021 17:16:55 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
652 B 16ms
14ms Script
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=5.7

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

aabef6fdf6754720952bba161391163f9b54dcd8302f64c85746a92c5aa8bae7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 556
x-xss-protection: 1; mode=block
expires: Sat, 24 Apr 2021 03:06:02 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 1 KB
1 KB 307ms
305ms Script
application/x-javascript 2600:9000:215d:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/js/wp-embed.min.js&ver=4669a1de

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:215d:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:02 GMT
content-encoding: gzip
x-amz-cf-pop: CPH50-C1
x-cache: Miss from cloudfront
content-length: 765
x-cache-hit: HIT
last-modified: Tue, 09 Mar 2021 20:32:23 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 7a024d32abd1bf1da267d76e57a01fa1.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: EUAU3nmG2YNnZOfl3P0vkvzOSsN2gYPPf7eVDPKycrm3HfP3szj5XQ==
expires: Sat, 24 Apr 2021 17:17:29 GMT

GET
H2 200 b-49c6f47-67be9a36.js Show response
tagan.adlightning.com/math-aids-threatpost/ 69 KB
23 KB 94ms
92ms Script
application/javascript 13.33.139.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-49c6f47-67be9a36.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-65.cph50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 178f058426830d14a05750625b5f6750efc3cb905e25899209cde01fcd4877af

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 18:34:38 GMT
content-encoding: gzip
age: 1585885
x-cache: Hit from cloudfront
content-length: 23203
x-amz-meta-git_commit: 49c6f47
last-modified: Mon, 05 Apr 2021 18:33:10 GMT
server: AmazonS3
etag: "a932a716635a0bdbfeda3195fd6261d6"
x-amz-version-id: NW9xaMZs.szhdoIzks3cD5Qpn1RWVACw
via: 1.1 576e9a9724e7cec0e8a2c29aba5de9d8.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: CPH50-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: JE1Uk1ssAVhjRSZnDKirBd4g0Uh_jUqouM6wZS62gPX_-2_KX_kY9w==

GET
H2 200 bl-d02cc15-382fe285.js Show response
tagan.adlightning.com/math-aids-threatpost/ 55 KB
17 KB 121ms
119ms Script
application/javascript 13.33.139.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-d02cc15-382fe285.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.139.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-139-65.cph50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3b232d2d8db1494df82982150951c2c27488d8cba66f1dd0a11f99034117dce3

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 05:26:29 GMT
content-encoding: gzip
age: 77973
x-cache: Hit from cloudfront
content-length: 16897
x-amz-meta-git_commit: d02cc15
last-modified: Fri, 23 Apr 2021 04:31:48 GMT
server: AmazonS3
etag: "4744f178766c333001b03c917451c618"
x-amz-version-id: PWK7Bxgvcfe.pxlnVYU9O1tbIMHGwf9c
via: 1.1 576e9a9724e7cec0e8a2c29aba5de9d8.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: CPH50-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: vZ0x2Z9sI5taG5tqvcbKQfCWzTr4wZlY4dl7hj6MdKlVkoDGpRvCrw==

GET
H2 200 pubads_impl_2021042101.js Show response
securepubads.g.doubleclick.net/gpt/ 301 KB
106 KB 54ms
52ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042101.js?31060871

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

sffe /

Resource Hash

59c35f54d601301c5ad4ac4d92d0d60f8c09e264cafe2e61a756c059889b6da9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 24 Apr 2021 03:06:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 08:38:12 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 108325
x-xss-protection: 0
expires: Sat, 24 Apr 2021 03:06:02 GMT

GET
H3-29 200 vendor-list.json Show response
qd.admetricspro.com/js/cmp2/ 286 KB
31 KB 165ms
153ms XHR
application/json 2606:4700:3037::6815:fad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:fad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec95a631650981cd2ff2eecd07118042dee23fc0a3fd6ed70926fa3d94e4e5d3

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:02 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09a37078040000d6e9f22e9000000001
last-modified: Tue, 06 Oct 2020 19:31:27 GMT
server: cloudflare
etag: W/"4773b-5b105a5302c6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DpUNuR24all7oexdUG%2BCmsHzkvvMUjQccvwlKRlWHexlKEvzn3r1tk2G5hKRrQGquvTM9SmeQPIK3kt4dtjqKnIZzMqUttToDQjBW0KWWSnB50TiFY6jEmR2rIdjkiJe"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 644c1d06683cd6e9-FRA
expires: Sat, 24 Apr 2021 03:16:02 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 119 KB
31 KB 252ms
93ms Script
application/javascript 143.204.247.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.247.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-247-127.cph50.r.cloudfront.net
Software: Server /
Resource Hash: 9e5a3984c873d9f7009795b85f0d9bfa38e8f9dddc2309d83556aea4d7ee41a0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 02:54:58 GMT
content-encoding: gzip
server: Server
age: 663
etag: 433bd8b9aebf928ab8f51e43abc531d2
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 8cd193739d511303cb3678dc24369a0c.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: CPH50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: FUA623DCjlDRvcvJxerHmi4TRUp1BV44
x-amz-cf-id: Q61thhfSbRFMpkfMvuSigsLsXXSND67RtHw_czJJPN7ng0wyeJPQTw==

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/114866/ Frame EDDB
Redirect Chain

https://cd.connatix.com/connatix.player.js
https://cds.connatix.com/p/114866/connatix.player.dc.js

1006 KB
219 KB

153ms
50ms

Script
application/javascript

151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/114866/connatix.player.dc.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 19d350a23f46ee2c61e56905e3f24c9c829204c49e2052554358330f7970b6bb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:02 GMT
content-encoding: br
last-modified: Fri, 23 Apr 2021 19:39:13 GMT
age: 26588
etag: "167a2f974f9eef9d4b1671910593a476"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 223687

Redirect headers

location: https://cds.connatix.com/p/114866/connatix.player.dc.js
date: Sat, 24 Apr 2021 03:06:02 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
age: 0
accept-ranges: bytes
content-length: 0
retry-after: 0

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
398 B 549ms
137ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=52859375&back=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:03 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: HIT
Transfer-Encoding: chunked
X-Debug-Auth: off
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Request-Host: kasperskycontenthub.com
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 162 KB
51 KB 26ms
25ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6fb22a39cc3607d5e14d89ffc077285e091c70cbdb71bc20bf1b1797be9a0906

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:02 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52499
x-xss-protection: 0
expires: Sat, 24 Apr 2021 03:06:02 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 13 KB
5 KB 946ms
142ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 01864580e1f385dc4512aed0de4b324cc1a04812709e7020e857612fc0ce9f4c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: same-origin
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Connection: keep-alive
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Content-Encoding: gzip
Last-Modified: Fri, 23 Apr 2021 09:01:10 GMT
Server: nginx
ETag: W/"60828cd6-3496"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800 public
Connection: close
Expires: Sat, 01 May 2021 03:06:03 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 13 KB
5 KB 940ms
141ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 01864580e1f385dc4512aed0de4b324cc1a04812709e7020e857612fc0ce9f4c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: same-origin
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Connection: keep-alive
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Content-Encoding: gzip
Last-Modified: Fri, 23 Apr 2021 09:01:11 GMT
Server: nginx
ETag: W/"60828cd7-3496"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800 public
Connection: close
Expires: Sat, 01 May 2021 03:06:03 GMT

GET
H/1.1 200
OK logo.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 937ms
137ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Connection: keep-alive
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Last-Modified: Fri, 23 Apr 2021 09:01:10 GMT
Server: nginx
ETag: "60828cd6-4a32"
Content-Type: image/png
Cache-Control: max-age=604800 public
Connection: close
Accept-Ranges: bytes
Content-Length: 18994
Expires: Sat, 01 May 2021 03:06:03 GMT

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 373ms
141ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Last-Modified: Fri, 23 Apr 2021 09:01:11 GMT
Server: nginx
ETag: "60828cd7-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 20900
Expires: Sun, 24 Apr 2022 03:06:03 GMT

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 394ms
137ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Last-Modified: Fri, 23 Apr 2021 09:01:10 GMT
Server: nginx
ETag: "60828cd6-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 20680
Expires: Sun, 24 Apr 2022 03:06:03 GMT

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 403ms
137ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Last-Modified: Fri, 23 Apr 2021 09:01:11 GMT
Server: nginx
ETag: "60828cd7-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 20920
Expires: Sun, 24 Apr 2022 03:06:03 GMT

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 505ms
233ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Last-Modified: Fri, 23 Apr 2021 09:01:22 GMT
Server: nginx
ETag: "60828ce2-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 20884
Expires: Sun, 24 Apr 2022 03:06:03 GMT

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 409ms
137ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Last-Modified: Fri, 23 Apr 2021 09:01:10 GMT
Server: nginx
ETag: "60828cd6-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 15820
Expires: Sun, 24 Apr 2022 03:06:03 GMT

GET
H/1.1 200
OK museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 368ms
140ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Last-Modified: Fri, 23 Apr 2021 09:01:11 GMT
Server: nginx
ETag: "60828cd7-5bac"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 23468
Expires: Sun, 24 Apr 2022 03:06:03 GMT

GET
H2 200 Tara-headshot.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/08/15114841/ 13 KB
13 KB 8ms
7ms Image
image/jpeg 2600:9000:206f:600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/08/15114841/Tara-headshot.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89ce08431545cd3c6d42419d99ee0152027a68c1d0c7c82838cc9a51d9d52451

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Dec 2020 00:34:25 GMT
via: 1.1 9fc99ee5c5f05c23e5f643dbb0f4aeb9.cloudfront.net (CloudFront), 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
last-modified: Fri, 17 Aug 2018 16:22:08 GMT
server: AmazonS3
age: 10636298
etag: "dee18dfeea6de13bec60c1e5237eb723"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C3, FRA56-C1
accept-ranges: bytes
content-length: 13097
x-amz-cf-id: jjHHkhNP7GyvY2r-F7AZmSdh2ICt9j1zW5TjfBkoTj2zza-0fcd_yw==
expires: Sat, 17 Aug 2019 16:22:07 GMT

GET
H2 200 subscribe2.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/ 8 KB
9 KB 8ms
7ms Image
image/jpeg 2600:9000:206f:600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 08 Jan 2021 02:29:18 GMT
via: 1.1 85e4c30db6ed9459bdead04635e1ab69.cloudfront.net (CloudFront), 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
last-modified: Tue, 19 Feb 2019 20:14:58 GMT
server: AmazonS3
age: 9160605
etag: "5ba45563f793f39ef6baf02645651654"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C3, FRA56-C1
accept-ranges: bytes
content-length: 8281
x-amz-cf-id: -CyuOF1iAqtSafQYjA7wCOjuWCcX-cGripfWYO7HaVfdzG3o9xLMpA==
expires: Wed, 19 Feb 2020 20:14:57 GMT

GET
H2 200 44-540x270.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2018/12/21152801/ 24 KB
25 KB 12ms
11ms Image
image/jpeg 2600:9000:206f:600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/12/21152801/44-540x270.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 204f07f3fdb4b724f817614f493ede02272a0621eed615f1cd3556fc78d5f88d

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 07 Feb 2021 08:57:51 GMT
via: 1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront), 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
last-modified: Fri, 21 Dec 2018 20:28:04 GMT
server: AmazonS3
age: 6545292
etag: "273943558f5839b5c05f6d276cc00c83"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA56-C1
accept-ranges: bytes
content-length: 24999
x-amz-cf-id: eacMIaQEhB5NLGc6pNpLRcLP8vE830o8Jvkl6Hl0zcoJ81r8VQVeGQ==
expires: Sat, 21 Dec 2019 20:28:01 GMT

GET
H2 200 BIOS-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/12/03142833/ 54 KB
54 KB 19ms
19ms Image
image/jpeg 2600:9000:206f:600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/12/03142833/BIOS-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6c01eb186b97a4eb31c83dd37dea284d5aa0fba9498409dc0335cd0c792f6923

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 05:39:09 GMT
via: 1.1 15d3b4db3728feaae1780610a1bac86e.cloudfront.net (CloudFront), 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
last-modified: Thu, 03 Dec 2020 19:28:37 GMT
server: AmazonS3
age: 6125214
etag: "45648886562962965c481362d6ac9ec5"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA56-C1
accept-ranges: bytes
content-length: 54885
x-amz-cf-id: ZQHResjLiGOs19eUFMCrYRnxMBJ3tVhp0JqkDbIC7o7oNLAV-jguIg==
expires: Fri, 03 Dec 2021 19:28:36 GMT

GET
H2 200 Peppers-e1607015398923-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/12/03115625/ 34 KB
34 KB 10ms
10ms Image
image/jpeg 2600:9000:206f:600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/12/03115625/Peppers-e1607015398923-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ded1460ee944d899efb0142c9acf24aadb4633a3085d4355a769b93393796947

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 11:04:36 GMT
via: 1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront), 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
last-modified: Thu, 03 Dec 2020 17:10:01 GMT
server: AmazonS3
age: 6192087
etag: "7578988185778fa7220e68dbd09821af"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA56-C1
accept-ranges: bytes
content-length: 34839
x-amz-cf-id: t28zIvBeSww2nj_uoocDqrZwSgrRBd0DiyJNrZCgIap0fUXotJ37aQ==
expires: Fri, 03 Dec 2021 17:09:58 GMT

GET
H/1.1 200
OK mail-plane-light.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
722 B 839ms
136ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Connection: keep-alive
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Content-Encoding: gzip
Last-Modified: Fri, 23 Apr 2021 09:01:22 GMT
Server: nginx
ETag: W/"60828ce2-33c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800 public
Connection: close
Expires: Sat, 01 May 2021 03:06:03 GMT

GET
H/1.1 200
OK twitter-blue.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
847 B 835ms
141ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Connection: keep-alive
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Content-Encoding: gzip
Last-Modified: Fri, 23 Apr 2021 09:01:10 GMT
Server: nginx
ETag: W/"60828cd6-364"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800 public
Connection: close
Expires: Sat, 01 May 2021 03:06:03 GMT

GET
H2 200 IoT-City-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/08/25192407/ 2 KB
2 KB 8ms
7ms Image
image/jpeg 2600:9000:206f:600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/08/25192407/IoT-City-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3f8a0180f1faf6374a1d4fa3cb72d63d223fa6e139d1d854eb0b250be56dbfe7

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 17:13:50 GMT
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront), 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
last-modified: Tue, 25 Aug 2020 23:24:11 GMT
server: AmazonS3
age: 35533
etag: "b5d12e24a9b93a53fb9ade99937ae55c"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, FRA56-C1
accept-ranges: bytes
content-length: 1633
x-amz-cf-id: Xgit3yUNIv70Sfkl76g0m7CguNfXTQqGEkYRCQooqU44RO-h3SqD3A==
expires: Wed, 25 Aug 2021 23:24:10 GMT

GET
H2 200 bugs-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/12/09162617/ 2 KB
3 KB 9ms
9ms Image
image/jpeg 2600:9000:206f:600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/12/09162617/bugs-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c92fded78b78e33ed04f2afa01045ef08f5b7bee1d4e22420faf621b1111a5b3

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Apr 2021 20:49:42 GMT
via: 1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront), 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
last-modified: Wed, 09 Dec 2020 21:26:20 GMT
server: AmazonS3
age: 195381
etag: "653f8b3a21406b781133ebe82180fbb1"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, FRA56-C1
accept-ranges: bytes
content-length: 2481
x-amz-cf-id: 5oRLguQN3d6SzVyjhxNfwJd8fHDeGdnSELH_omawPUkJ4glvIVW36A==
expires: Thu, 09 Dec 2021 21:26:19 GMT

GET
H2 200 climate-change-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/04/19111446/ 2 KB
2 KB 8ms
8ms Image
image/jpeg 2600:9000:206f:600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/04/19111446/climate-change-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3143145c4a165c8481f6c7c3b7488069c45fead97d7b6cc8f2f5187d9ff0dc38

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Apr 2021 15:32:13 GMT
via: 1.1 89c822bb1ce1445a7be6d1057088cfbf.cloudfront.net (CloudFront), 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
last-modified: Mon, 19 Apr 2021 15:14:51 GMT
server: AmazonS3
age: 387230
etag: "bbfd4b068325b80e74eb1b1172a694bc"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, FRA56-C1
accept-ranges: bytes
content-length: 1883
x-amz-cf-id: Tq__7AhgXE0C10zqJhaDmT8FWreMtLArKP6g7alsZCBHgkL7P7Xu8w==
expires: Tue, 19 Apr 2022 15:14:50 GMT

GET
H2 200 microsoft-exchange-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/04/07164022/ 2 KB
2 KB 8ms
8ms Image
image/jpeg 2600:9000:206f:600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/04/07164022/microsoft-exchange-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d36998265578b1657d38d960ab7940b23e0e4c79ecb4709132768f1e14f61e73

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 14:03:07 GMT
via: 1.1 f2fa38e6635ded6d22a69d089217bc90.cloudfront.net (CloudFront), 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
last-modified: Tue, 07 Apr 2020 20:40:26 GMT
server: AmazonS3
age: 651776
etag: "4e45b663b839a412cf5c1c7ff8ffb8da"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1, FRA56-C1
accept-ranges: bytes
content-length: 1616
x-amz-cf-id: 5daO29qbwTZJCJ1zuu10nY2wWoSf60hs5Y2e4VDsbnBTar0MeareBQ==
expires: Wed, 07 Apr 2021 20:40:25 GMT

GET
H2 200 data-privacy-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/04/14131926/ 2 KB
3 KB 8ms
8ms Image
image/jpeg 2600:9000:206f:600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/04/14131926/data-privacy-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d77f1857d13f4f1ba3f5af594e669146b07c8cddfb9e8ebd66c217f62d50b19

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 17:23:22 GMT
via: 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront), 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
last-modified: Wed, 14 Apr 2021 17:19:31 GMT
server: AmazonS3
age: 812561
etag: "6c0906b98808352990a80e88e8d3be00"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, FRA56-C1
accept-ranges: bytes
content-length: 2480
x-amz-cf-id: EypqpMXM5uime8BlgDAssksT8gPHwoNQdljuW2DD8rTiwChVKkPO-w==
expires: Thu, 14 Apr 2022 17:19:30 GMT

GET
H/1.1 200
OK mail-plane-large-dark.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
722 B 408ms
137ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Cookie: _ga=GA1.2.1041137439.1619233563; _gid=GA1.2.2098072113.1619233563; _gat_UA-35676203-21=1
Connection: keep-alive
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Content-Encoding: gzip
Last-Modified: Fri, 23 Apr 2021 09:01:10 GMT
Server: nginx
ETag: W/"60828cd6-32c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800 public
Connection: close
Expires: Sat, 01 May 2021 03:06:03 GMT

GET
H/1.1 200
OK logo-white.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 421ms
140ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
Cookie: _ga=GA1.2.1041137439.1619233563; _gid=GA1.2.2098072113.1619233563; _gat_UA-35676203-21=1
Connection: keep-alive
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1619168472
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 24 Apr 2021 03:06:03 GMT
Last-Modified: Fri, 23 Apr 2021 09:01:22 GMT
Server: nginx
ETag: "60828ce2-260a"
Content-Type: image/png
Cache-Control: max-age=604800 public
Connection: close
Accept-Ranges: bytes
Content-Length: 9738
Expires: Sat, 01 May 2021 03:06:03 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 5ms
5ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6199
date: Sat, 24 Apr 2021 01:22:43 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sat, 24 Apr 2021 03:22:43 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 23 KB
9 KB 23ms
7ms Script
application/javascript 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8000d797097e74bfff377d2f3fca7e046ee4490ea4edb70c2c0b189575847629

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:02 GMT
content-encoding: gzip
etag: "9iaPKZLFg6XYoMRMhilE8g=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Sat, 01 May 2021 03:06:02 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 44ms
44ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:02 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 8072
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1619233563.884607,VS0,VE0
x-served-by: cache-hhn11563-HHN

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 27ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&aip=1&a=912488426&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&ul=en-us&de=UTF-8&dt=Shlayer%20Mac%20Malware%20Returns%20with%20Extra%20Sneakiness%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1132157192&gjid=1402828876&cid=1041137439.1619233563&tid=UA-35676203-21&_gid=2098072113.1619233563&_r=1&gtm=2wg4e1PM29HLF&z=897090825

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 10ms
10ms Image
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&aip=1&a=912488426&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&ul=en-us&de=UTF-8&dt=Shlayer%20Mac%20Malware%20Returns%20with%20Extra%20Sneakiness%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=1041137439.1619233563&tid=UA-35676203-21&_gid=2098072113.1619233563&gtm=2wg4e1PM29HLF&z=1731229636

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Apr 2021 10:04:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 61307
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 3 B
357 B 218ms
155ms Script
application/x-javascript 2600:9000:215d:e200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:215d:e200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:04:05 GMT
via: 1.1 7c587fa0463f61b130aff5ca04c29170.cloudfront.net (CloudFront)
last-modified: Fri, 03 Mar 2017 23:52:35 GMT
server: AmazonS3
age: 118
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Error from cloudfront
content-type: application/x-javascript
cache-control: max-age=300
x-amz-cf-pop: CPH50-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: w7IQ9wK8J8aFR3Bue6lrBoJzRCkLtqPfGqYG-m4jsqZ9kw75FECzTA==

GET
H2 200 adsct
t.co/i/ 43 B
170 B 165ms
165ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 121
pragma: no-cache
last-modified: Sat, 24 Apr 2021 03:06:03 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 613737ae41c5600e5329bcc00090cf55
x-transaction: 008acb9800dc641b
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
87 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0d::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-35676203-21&cid=1041137439.1619233563&jid=1132157192&gjid=1402828876&_gid=2098072113.1619233563&_u=YEBAAEAAAAAAAC~&z=629348714

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 24 Apr 2021 03:06:02 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 25ms
24ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-35676203-21&cid=1041137439.1619233563&jid=1132157192&_u=YEBAAEAAAAAAAC~&z=2085358868

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 18ms
16ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-35676203-21&cid=1041137439.1619233563&jid=1132157192&_u=YEBAAEAAAAAAAC~&z=2085358868

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 236ms
80ms XHR
application/javascript 143.204.247.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.247.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-247-127.cph50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 85253
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
date: Fri, 23 Apr 2021 04:06:52 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 3a630ce21c7f0cd3702d89e40e7e5376.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: CPH50-C1
x-amz-cf-id: PJS6otCEohulMbG7BNj_yI0gb4Q7rvmeBXWXJ20UsqHfEYi7ycfW2w==

GET
H2 200 connatix.player.css
cds.connatix.com/p/114866/ 54 KB
8 KB 56ms
55ms Stylesheet
text/css 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/114866/connatix.player.css
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f1c022aff023cba27a95c593e440595dfb6f16413a18483866e74a56e2563db5

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:03 GMT
content-encoding: br
last-modified: Fri, 23 Apr 2021 19:39:13 GMT
age: 26588
etag: "fcaa0ea82bb0765612e6ce7eef717e24"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 8363

POST error
quantcount.com/log/ 0
0

POST
H/1.1 200
OK pls Show response
capi.connatix.com/core/ Frame EDDB 11 KB
4 KB 596ms
162ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: f028005ddb70b89e43a3f9256aaf0d47bd4565fb5099a53211941b87bedb0d10

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:03 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/dpzVjBAupwRfx3UzvXRnnAKb/ 334 KB
334 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/dpzVjBAupwRfx3UzvXRnnAKb/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=5.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e47eca73d4f42cce27c15cbff1e6b28a6716616c71f893d912ae941b37460998

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 21:51:26 GMT
x-content-type-options: nosniff
last-modified: Mon, 19 Apr 2021 04:04:08 GMT
server: sffe
age: 18877
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 341908
x-xss-protection: 0
expires: Sat, 23 Apr 2022 21:51:26 GMT

GET
H2 200 flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
564 B 397ms
397ms Image
image/svg+xml 2600:9000:215d:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4669a1de
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:215d:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4669a1de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 24 Apr 2021 03:06:04 GMT
content-encoding: gzip
last-modified: Fri, 23 Apr 2021 09:01:21 GMT
server: nginx
x-amz-cf-pop: CPH50-C1
etag: W/"60828ce1-ec"
x-cache: Miss from cloudfront
content-type: image/svg+xml
via: 1.1 7a024d32abd1bf1da267d76e57a01fa1.cloudfront.net (CloudFront)
cache-control: max-age=604800, public
x-amz-cf-id: Ff-8vwIEgth_OHJsVfc9g4o-ykIPTAIUlNLBG06FFTrs0qe-W3xa0g==
expires: Sat, 01 May 2021 03:06:04 GMT

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 519ms
452ms Font
font/woff2 2600:9000:215d:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4669a1de
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:215d:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Origin: https://threatpost.com
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4669a1de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 24 Apr 2021 03:06:04 GMT
via: 1.1 8cd193739d511303cb3678dc24369a0c.cloudfront.net (CloudFront)
last-modified: Fri, 23 Apr 2021 09:01:12 GMT
server: nginx
x-amz-cf-pop: CPH50-C1
etag: "60828cd8-12d68"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 77160
x-amz-cf-id: 6lOhiqNPQmVq2kh_cCMlMfofqUvu3NDJthK95Ykc4bOi7_cudBsxUA==
expires: Sun, 24 Apr 2022 03:06:04 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
285 B 318ms
318ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 273
pragma: no-cache
last-modified: Sat, 24 Apr 2021 03:06:03 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 82251f94d9ca2cc879015efafc4a1d2d
x-transaction: 00375938009a4f08
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 400 / Show response
graph.facebook.com/ 202 B
593 B 94ms
67ms XHR
application/json 2a03:2880:f03d:12:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f03d:12:face:b00c:0:2 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e413a831d66905df2d4938796ae271fd0c172709e20a50199d927eb4b7aad97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1003679805
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 147
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: Dee8lFFxUNEEfQpJQufE4Zv+rrtJbalJtvpQd0xHvcME20yI/pbahgoX8q2dkcSR1ECPChX93LxWbnUoNE7TEA==
x-fb-trace-id: GyRYhCJRfWX
date: Sat, 24 Apr 2021 03:06:03 GMT
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-fb-request-id: ALbco2NpEDb2-pzxAxIAk-g
cache-control: no-store
facebook-api-version: v3.2
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 share
www.linkedin.com/countserv/count/ 0
0 126ms
111ms Script
text/html 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin.com/countserv/count/share?url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&format=jsonp&callback=jQuery112406630234158801604_1619233562679&_=1619233562680
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 info.json Show response
www.reddit.com/api/ 102 B
1 KB 254ms
161ms XHR
application/json 151.101.113.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

f4f2c0a4763f01ee2b13b4f8189e6fd5f32bd704d71fed8d0f11883de9724198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:03 GMT
via: 1.1 varnish
x-content-type-options: nosniff
content-length: 102
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
x-moose: majestic
server: snooserv
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
accept-ranges: bytes
expires: -1

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 9E68 20 KB
11 KB 23ms
23ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=dpzVjBAupwRfx3UzvXRnnAKb&theme=light&size=normal&cb=wckugumhohv6

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1a4aff293b2e8e1bddee4ae19e065a4ba43dc1f40bc6851b6501d76aba3b102e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AylUL5w00TttmUwKRSZj0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=dpzVjBAupwRfx3UzvXRnnAKb&theme=light&size=normal&cb=wckugumhohv6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 24 Apr 2021 03:06:03 GMT
content-security-policy: script-src 'report-sample' 'nonce-AylUL5w00TttmUwKRSZj0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10939
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/dpzVjBAupwRfx3UzvXRnnAKb/ Frame 9E68 51 KB
52 KB 16ms
14ms Stylesheet
text/css 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/dpzVjBAupwRfx3UzvXRnnAKb/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=dpzVjBAupwRfx3UzvXRnnAKb&theme=light&size=normal&cb=wckugumhohv6

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ef414f947bc802bea88d18ae69ca7d56939d81d7df79a7266688a8e1c14b190

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 18:50:17 GMT
x-content-type-options: nosniff
last-modified: Mon, 19 Apr 2021 04:04:08 GMT
server: sffe
age: 29746
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52732
x-xss-protection: 0
expires: Sat, 23 Apr 2022 18:50:17 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/dpzVjBAupwRfx3UzvXRnnAKb/ Frame 9E68 334 KB
334 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/dpzVjBAupwRfx3UzvXRnnAKb/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e47eca73d4f42cce27c15cbff1e6b28a6716616c71f893d912ae941b37460998

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 21:51:26 GMT
x-content-type-options: nosniff
last-modified: Mon, 19 Apr 2021 04:04:08 GMT
server: sffe
age: 18877
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 341908
x-xss-protection: 0
expires: Sat, 23 Apr 2022 21:51:26 GMT

GET
H2 200 blockedDomains_1.bin Show response
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame EDDB 51 B
265 B 137ms
44ms XHR
application/octet-stream 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_1.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 814221921d936293a6dcceebe84bea01d2a40a18be1072d4b216914014532e2a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:03 GMT
content-encoding: gzip
fastly-restarts: 1
last-modified: Tue, 16 Feb 2021 13:25:11 GMT
age: 2818486
etag: "6867d1891d8793fd49a645adb5b6b6c3"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 62

POST
H/1.1 200
OK sr Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 141ms
141ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sr?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:03 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 62 KB
21 KB 106ms
53ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

sffe /

Resource Hash

ad309904b3882d0bc665ba54e6fc9a708e89a6155fdce036c73ab386c80086c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "851 / 433 of 1000 / last-modified: 1619215752"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21081
x-xss-protection: 0
expires: Sat, 24 Apr 2021 03:06:03 GMT

GET
H2 200 2_media.bin Show response
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/ Frame EDDB 285 B
339 B 58ms
51ms XHR
application/octet-stream 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/2_media.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7a13adfcd0d4d1ad9751711847c4875c38549debf944bb85b34dd3c09ab47bc8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:03 GMT
content-encoding: gzip
last-modified: Fri, 19 Mar 2021 22:23:12 GMT
age: 43552
etag: "cc1f27e910bf2d9272252ed6ffdb4ebe"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 249

GET
H2 200 1.png
img.connatix.com/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 6 KB
6 KB 52ms
50ms Image
image/png 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:03 GMT
age: 1981319
etag: "CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age: 86400
fastly-io-info: ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin: *
cache-control: max-age=31557600
fastly-stats: io=1
accept-ranges: bytes
content-type: image/png
content-length: 6487

GET
H2 200 DyFBV8dFhaagfC176qoxgGi05aRpe8uZUsWptLVOFSA.js Show response
www.google.com/js/bg/ Frame 9E68 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/DyFBV8dFhaagfC176qoxgGi05aRpe8uZUsWptLVOFSA.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/dpzVjBAupwRfx3UzvXRnnAKb/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f214157c74585a6a07c2d7beaaa318068b4e5a4697bcb9952c5a9b4b54e1520

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=dpzVjBAupwRfx3UzvXRnnAKb&theme=light&size=normal&cb=wckugumhohv6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Apr 2021 15:15:54 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 08 Apr 2021 09:30:00 GMT
server: sffe
age: 215409
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5760
x-xss-protection: 0
expires: Thu, 21 Apr 2022 15:15:54 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame 9E68 102 B
131 B 15ms
15ms Other
text/javascript 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=dpzVjBAupwRfx3UzvXRnnAKb

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5d77edb71e1031ff06541a7a2bd05cd3dbc3bfd5434711bae081fc06f8791558

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=dpzVjBAupwRfx3UzvXRnnAKb&theme=light&size=normal&cb=wckugumhohv6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111
x-xss-protection: 1; mode=block
expires: Sat, 24 Apr 2021 03:06:04 GMT

POST
H/1.1 200
OK ao Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 141ms
141ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ao?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:04 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 prebid4.30.0.js Show response
cds.connatix.com/p/plugins/ Frame EDDB 321 KB
90 KB 52ms
51ms Script
application/javascript 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid4.30.0.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ae28c06365d595f3ebaa60c0955647fd8410dca74a6530e482e8a06b4fbf0a8a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:04 GMT
content-encoding: br
last-modified: Fri, 12 Mar 2021 10:57:07 GMT
age: 2818791
etag: "14fba94fa49bc59e2e3a605ef0738d7a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 91629

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ Frame EDDB 640 B
744 B 660ms
238ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 1638f274e5791d3814ad4ba4e1c229015d6023e0e9b6d7c0ec906cbb3358a5d9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:04 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK ps Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 277ms
141ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ps?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:04 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 1_th.jpg
img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/ 8 KB
8 KB 58ms
57ms Image
image/jpeg 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4acda90e0e320a5ca3fb7146151c98339708a86deae2d6c04aa542eb06c6033b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:04 GMT
age: 51599
etag: "iUvBA6WrI/w28Nq8NsP50ik93VECEUHfu3ivB9i+Gm0"
access-control-max-age: 86400
fastly-io-info: ifsz=98311 idim=2560x1440 ifmt=jpeg ofsz=8023 odim=400x225 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=31557600
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 8023

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 137 B
514 B 202ms
202ms XHR
text/javascript 143.204.247.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&pid=UbEkLS6FdWxPU&cb=0&ws=1600x1200&v=7.61.00&t=2000&slots=%5B%7B%22id%22%3A%22Amazon_400x225%22%2C%22mt%22%3A%22v%22%7D%5D&cfgv=0&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdprl=%7B%22status%22%3A%22tcfv2-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.247.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-247-127.cph50.r.cloudfront.net
Software: Server /
Resource Hash: 19f9f1d89394148453c31fa1b22c55b46687eb6dcb47ac01a5f7e7656aa43f6c

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:04 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: CPH50-C1
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 138
via: 1.1 8cd193739d511303cb3678dc24369a0c.cloudfront.net (CloudFront)
x-amz-cf-id: 80JIBW7FeVWyIKGrtAUhvGCU62tQVHvkPPAE51evYTgurpbdDmHq6Q==

GET
H3-29 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 9322 7 KB
1 KB 16ms
16ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=dpzVjBAupwRfx3UzvXRnnAKb&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=j0z4wkwvbly4

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0e4d3f3445e3a29793cfea20a36e8b23a8f56b88c05a50d1c83ae410fb72fced

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9nZWzvlCerVHOLQ8DnbQ+A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=dpzVjBAupwRfx3UzvXRnnAKb&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=j0z4wkwvbly4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 24 Apr 2021 03:06:04 GMT
content-security-policy: script-src 'report-sample' 'nonce-9nZWzvlCerVHOLQ8DnbQ+A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1113
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 playlist.m3u8 Show response
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/ Frame EDDB 309 B
294 B 44ms
44ms XHR
application/x-mpegurl 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/playlist.m3u8
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:04 GMT
content-encoding: gzip
last-modified: Fri, 19 Mar 2021 22:23:11 GMT
age: 46432
etag: "8a966507b13615ecdc1330a4bc9dcfe1"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 164

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/dpzVjBAupwRfx3UzvXRnnAKb/ Frame 9322 51 KB
52 KB 7ms
7ms Stylesheet
text/css 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/dpzVjBAupwRfx3UzvXRnnAKb/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=dpzVjBAupwRfx3UzvXRnnAKb&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=j0z4wkwvbly4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ef414f947bc802bea88d18ae69ca7d56939d81d7df79a7266688a8e1c14b190

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 18:50:17 GMT
x-content-type-options: nosniff
last-modified: Mon, 19 Apr 2021 04:04:08 GMT
server: sffe
age: 29747
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52732
x-xss-protection: 0
expires: Sat, 23 Apr 2022 18:50:17 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/dpzVjBAupwRfx3UzvXRnnAKb/ Frame 9322 334 KB
334 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/dpzVjBAupwRfx3UzvXRnnAKb/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=dpzVjBAupwRfx3UzvXRnnAKb&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=j0z4wkwvbly4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e47eca73d4f42cce27c15cbff1e6b28a6716616c71f893d912ae941b37460998

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 21:51:26 GMT
x-content-type-options: nosniff
last-modified: Mon, 19 Apr 2021 04:04:08 GMT
server: sffe
age: 18878
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 341908
x-xss-protection: 0
expires: Sat, 23 Apr 2022 21:51:26 GMT

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ Frame EDDB 346 B
541 B 580ms
160ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 911ab7e37e6c5f99c9abd4681ce46812477ec1cda52e235ad3c6b297c2681422

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:04 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 0.m3u8 Show response
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/ Frame EDDB 665 B
346 B 44ms
44ms XHR
application/x-mpegurl 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/0.m3u8
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3999ebe18f28ba6a3e1156095d2f0fea666be5c573424025f3ef573ce890d05

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:04 GMT
content-encoding: gzip
last-modified: Fri, 19 Mar 2021 22:23:10 GMT
age: 46432
etag: "0725d6b40750afdcf21f18ecb5f32cea"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=31557600
accept-ranges: bytes
content-length: 261

OPTIONS
H2 200 0.mp4
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/ Frame 0
0 44ms
44ms Preflight 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/0.mp4
Protocol: H2
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

retry-after: 0
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Sat, 24 Apr 2021 03:06:04 GMT
access-control-max-age: 86400
cache-control: max-age=31557600
access-control-allow-origin: *
content-length: 0

GET
H2 206 0.mp4 Show response
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/ Frame EDDB 1 KB
1 KB 45ms
45ms XHR
video/mp4 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b38a921c451be2d94cab9e5d58a914197ed2a00c4a1c2ba421e3e5b34755200d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-1361

Response headers

date: Sat, 24 Apr 2021 03:06:04 GMT
last-modified: Fri, 19 Mar 2021 22:23:10 GMT
age: 46432
etag: "c19d4cd22f358253f058d1f2846e8c33"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 0-1361/5670625
cache-control: max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 1362

GET
H/1.1

200
OK

Cookie set iu3 Show response
aax-eu.amazon-adsystem.com/s/ Frame DDF8
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_cnv_an-db5_3lift
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_cnv_an-db5_3lift&dcc=t

259 B
943 B

222ms
222ms

Document
text/html

52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_cnv_an-db5_3lift&dcc=t
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: f48a8c7ae378de608399b5c6874dd10eda599ea4bb8e53dcc667381a04e24e93

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A_0XtsPfKkJJtPUDCqO4APM|t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

Server: Server
Date: Sat, 24 Apr 2021 03:06:04 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 206
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie: ad-id=A_0XtsPfKkJJtPUDCqO4APM; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jan-2022 03:06:04 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Wed, 01-Jul-2026 03:06:04 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

Redirect headers

Server: Server
Date: Sat, 24 Apr 2021 03:06:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_cnv_an-db5_3lift&dcc=t
Set-Cookie: ad-id=A_0XtsPfKkJJtPUDCqO4APM|t; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jan-2022 03:06:04 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: User-Agent

OPTIONS
H2 200 0.mp4
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/ Frame 0
0 44ms
44ms Preflight 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/0.mp4
Protocol: H2
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

retry-after: 0
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Sat, 24 Apr 2021 03:06:04 GMT
access-control-max-age: 86400
cache-control: max-age=31557600
access-control-allow-origin: *
content-length: 0

GET
H2 206 0.mp4 Show response
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/ Frame EDDB 631 KB
632 KB 45ms
45ms XHR
video/mp4 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0e2cf736811fb42637e5a38f944244e93de5d0715ad0249716b6222d19d17dae

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=1362-647959

Response headers

date: Sat, 24 Apr 2021 03:06:04 GMT
last-modified: Fri, 19 Mar 2021 22:23:10 GMT
age: 46432
etag: "c19d4cd22f358253f058d1f2846e8c33"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 1362-647959/5670625
cache-control: max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 646598

OPTIONS
H2 200 0.mp4
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/ Frame 0
0 44ms
44ms Preflight 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/0.mp4
Protocol: H2
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

retry-after: 0
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Sat, 24 Apr 2021 03:06:04 GMT
access-control-max-age: 86400
cache-control: max-age=31557600
access-control-allow-origin: *
content-length: 0

GET
H2 206 0.mp4 Show response
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/ Frame EDDB 575 KB
575 KB 45ms
45ms XHR
video/mp4 151.101.114.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 19812f977bcab06dbfb2598bcb172cd919e1ba52cae8a6f60b33968fbd50b3d6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=647960-1236831

Response headers

date: Sat, 24 Apr 2021 03:06:04 GMT
last-modified: Fri, 19 Mar 2021 22:23:10 GMT
age: 46432
etag: "c19d4cd22f358253f058d1f2846e8c33"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 647960-1236831/5670625
cache-control: max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 588872

POST
H/1.1 200
OK mq Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 141ms
141ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/mq?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:04 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ Frame EDDB 2 B
327 B 141ms
141ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: ffdbea2a5a9959ea5f9809139a0178c725fa9474a88f1cfe10f702bdb35c3cc0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:04 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H/1.1 200
OK pr Show response
aax-eu.amazon-adsystem.com/s/v3/ Frame 1916 1 KB
863 B 68ms
68ms Document
text/html 52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_cnv_an-db5_3lift&dcc=t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: fdf13c893d73c393034346f4a66e77e1880ba5d99264b63a1a3a048e43c6327c

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_cnv_an-db5_3lift&dcc=t
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A_0XtsPfKkJJtPUDCqO4APM; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_cnv_an-db5_3lift&dcc=t

Response headers

Server: Server
Date: Sat, 24 Apr 2021 03:06:04 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 502
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 6897
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1

2 KB
3 KB

55ms
55ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 121759a5685d646154007f118926d313bf782423aeab37ffd16de5c183c0d6d0

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YIOLHB6HFwXnV0p6jJiw6gAA; CMPS=5212
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 230|45|39|241|105|156|8|109
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1583
Expires: Sat, 24 Apr 2021 03:06:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 24 Apr 2021 03:06:05 GMT
Connection: keep-alive
Set-Cookie: CMID=YIOLHB6HFwXnV0p6jJiw6gAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 24 Apr 2022 03:06:05 GMT CMPS=5212;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 23 Jul 2021 03:06:05 GMT CMPRO=1172;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 23 Jul 2021 03:06:05 GMT CMRUM3=f160838b1d05a0&e660838b1d27600&6960838b1d05a0&9c60838b1d05a00&0860838b1d05a00&2d60838b1d05a0&6d60838b1d05a0&2760838b1d0b40;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 24 Apr 2022 03:06:05 GMT CMST=YIOLHWCDix0A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 25 Apr 2021 03:06:05 GMT

Redirect headers

Server: Apache
Content-Length: 333
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Sat, 24 Apr 2021 03:06:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 24 Apr 2021 03:06:04 GMT
Connection: keep-alive
Set-Cookie: CMID=YIOLHB6HFwXnV0p6jJiw6gAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 24 Apr 2022 03:06:04 GMT CMPS=5212;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 23 Jul 2021 03:06:04 GMT

GET
H2 204 current
amazon-tam-match.dotomi.com/match/bounce/ Frame 43C8 0
0 93ms
66ms Document
text/plain 2a02:fa8:8806:16::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://amazon-tam-match.dotomi.com/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1370 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: amazon-tam-match.dotomi.com
:scheme: https
:path: /match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Sat, 24 Apr 2021 03:06:04 GMT
cache-control: no-cache, private, max-age=0, no-store
expires: 0
pragma: no-cache

GET
H/1.1 200
OK user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame F5F9 8 KB
3 KB 138ms
45ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
ETag: "1300708-1f78-5b232eb4914bb"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 2654
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=94292
Expires: Sun, 25 Apr 2021 05:17:36 GMT
Date: Sat, 24 Apr 2021 03:06:04 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 2B41 281 B
554 B 139ms
45ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 24 Apr 2021 03:06:04 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

ecm3 Show response
aax-eu.amazon-adsystem.com/s/ Frame 497D
Redirect Chain

https://ib.adnxs.com/getuid?https://aax-eu.amazon-adsystem.com/s/ecm3?id=$UID&ex=appnexus.com
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com
https://aax-eu.amazon-adsystem.com/s/ecm3?id=4195336843414698414&ex=appnexus.com

43 B
344 B

114ms
74ms

Document
image/gif

52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=4195336843414698414&ex=appnexus.com
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A_0XtsPfKkJJtPUDCqO4APM; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Server
Date: Sat, 24 Apr 2021 03:06:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: User-Agent

Redirect headers

Server: nginx/1.17.9
Date: Sat, 24 Apr 2021 03:06:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://aax-eu.amazon-adsystem.com/s/ecm3?id=4195336843414698414&ex=appnexus.com
AN-X-Request-Uuid: ca626761-dd04-4b5f-9d35-bd8d91c6b905
Set-Cookie: uuid2=4195336843414698414; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 23-Jul-2021 03:06:05 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 89.187.165.152; 89.187.165.152; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.44:80

GET
H/1.1

200
OK

ecm3 Show response
aax-eu.amazon-adsystem.com/s/ Frame AD5D
Redirect Chain

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=5165561730560935737

43 B
344 B

71ms
70ms

Document
image/gif

52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=5165561730560935737
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A_0XtsPfKkJJtPUDCqO4APM; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: Server
Date: Sat, 24 Apr 2021 03:06:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: User-Agent

Redirect headers

date: Sat, 24 Apr 2021 03:06:05 GMT
content-length: 0
location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=5165561730560935737
set-cookie: tluid=5165561730560935737; Max-Age=7776000; Expires=Fri, 23 Jul 2021 03:06:05 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 6CF0 38 KB
14 KB 56ms
56ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID

Response headers

Last-Modified: Wed, 14 Apr 2021 09:18:30 GMT
ETag: "13006b6-98c2-5bfeb3aef82b4"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14060
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=108629
Expires: Sun, 25 Apr 2021 09:16:34 GMT
Date: Sat, 24 Apr 2021 03:06:05 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 2B41 31 KB
9 KB 52ms
52ms Script
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.230.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: a11f48b87a3c4be2196d0b13aca9e2517746dc847d0531d4e4fa6e8545a3eab0

Request headers

Referer: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 19 Apr 2021 20:34:13 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=37322
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9241
Expires: Sat, 24 Apr 2021 13:28:07 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 6897
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YIOLHB6HFwXnV0p6jJiw6gAABJQAAAAB
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YIOLHB6HFwXnV0p6jJiw6gAABJQAAAAB&google_tc=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESECwDYPElz0c8S6V4hQK_vfA&google_cver=1

43 B
315 B

51ms
47ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESECwDYPElz0c8S6V4hQK_vfA&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Apr 2021 03:06:05 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sat, 24 Apr 2021 03:06:05 GMT

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESECwDYPElz0c8S6V4hQK_vfA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 6897
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YIOLHB6HFwXnV0p6jJiw6gAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKNyFD2QV5pxqPRumDReQ3Y&google_cver=1

43 B
1 KB

49ms
49ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKNyFD2QV5pxqPRumDReQ3Y&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Apr 2021 03:06:05 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 24 Apr 2021 03:06:05 GMT

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKNyFD2QV5pxqPRumDReQ3Y&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 6897 70 B
264 B 69ms
67ms Image
image/gif 52.30.186.230
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=39&cm_user_id=YIOLHB6HFwXnV0p6jJiw6gAA
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.186.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-186-230.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame 6897 43 B
720 B 430ms
146ms Image
image/gif 72.21.206.140
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YIOLHB6HFwXnV0p6jJiw6gAABJQAAAAB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.21.206.140 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: 206-140.amazon.com
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Apr 2021 03:06:05 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 6897
Redirect Chain

https://d.adroll.com/cm/index/ssp
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0

43 B
1008 B

50ms
50ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Apr 2021 03:06:05 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 24 Apr 2021 03:06:05 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
date: Sat, 24 Apr 2021 03:06:05 GMT
server: nginx/1.18.0
content-length: 76

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame 6897 35 B
380 B 550ms
137ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-ServerName: Track003-dc3
Pragma: no-cache
Date: Sat, 24 Apr 2021 03:05:58 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 6897
Redirect Chain

https://beacon.lynx.cognitivlabs.com/ix.gif
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=75e79a3f-9442-48f8-877f-566bb5a72183&expiration=1650769565

43 B
1 KB

52ms
50ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=75e79a3f-9442-48f8-877f-566bb5a72183&expiration=1650769565
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Apr 2021 03:06:05 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 24 Apr 2021 03:06:05 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=75e79a3f-9442-48f8-877f-566bb5a72183&expiration=1650769565
date: Sat, 24 Apr 2021 03:06:05 GMT
server: Kestrel
content-length: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 6897
Redirect Chain

https://cm.ctnsnet.com/int/cm?exc=19
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=9dede8ea2ed4444d9e008a5e9292c83a&expiration=1621825565

43 B
1007 B

145ms
50ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=9dede8ea2ed4444d9e008a5e9292c83a&expiration=1621825565
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Apr 2021 03:06:05 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 24 Apr 2021 03:06:05 GMT

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:04 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=9dede8ea2ed4444d9e008a5e9292c83a&expiration=1621825565
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ecm3
aax-eu.amazon-adsystem.com/s/ Frame 6897 43 B
344 B 210ms
70ms Image
image/gif 52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=index.com&id=YIOLHB6HFwXnV0p6jJiw6gAABJQAAAAB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Apr 2021 03:06:05 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 6CF0 4 KB
5 KB 228ms
56ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=82343476&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1&async=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: f0c7a618175b47f314a02a2b8a2858d200a95ad088527eed5ec0090fd03e075c

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:04 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 2B41 284 B
921 B 194ms
48ms Image
image/jpg 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/jpg

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 69AF
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7277977192404791427

42 B
769 B

90ms
56ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7277977192404791427
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KADUSERCOOKIE=511A2743-6F0D-449F-9951-8F18C16D51E5; chkChromeAb67Sec=1; DPSync3=1620432000%3A201_227_226_221; SyncRTB3=1620432000%3A56_21_7_3_13_54_161_81_55_71_8_166_22_204%7C1621814400%3A203%7C1620518400%3A35%7C1619827200%3A2_15_223%7C1620086400%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Sat, 24 Apr 2021 03:06:05 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_336=5844-7277977192404791427; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 24-May-2021 03:06:05 GMT; path=/ PugT=1619233565; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 24-May-2021 03:06:05 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 23-Jul-2021 03:06:05 GMT; path=/
X-lat: lhrpug017:0:435
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7277977192404791427
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame C223 43 B
304 B 164ms
54ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Sat, 24 Apr 2021 00:00:00 GMT
server: Microsoft-IIS/10.0
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1182
date: Sat, 24 Apr 2021 03:06:05 GMT
content-length: 43

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame C672
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6954555206264092814

42 B
771 B

1111ms
56ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6954555206264092814
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KADUSERCOOKIE=511A2743-6F0D-449F-9951-8F18C16D51E5; chkChromeAb67Sec=1; DPSync3=1620432000%3A201_227_226_221; SyncRTB3=1620432000%3A56_21_7_3_13_54_161_81_55_71_8_166_22_204%7C1621814400%3A203%7C1620518400%3A35%7C1619827200%3A2_15_223%7C1620086400%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Sat, 24 Apr 2021 03:06:06 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_1101=23040-6954555206264092814; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 24-May-2021 03:06:06 GMT; path=/ PugT=1619233566; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 24-May-2021 03:06:06 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 23-Jul-2021 03:06:06 GMT; path=/
X-lat: lhrpug008:0:560
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Sat, 24 Apr 2021 03:06:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=6954555206264092814; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6954555206264092814

GET
H/1.1

200
OK

adx Show response
match.prod.bidr.io/cookie-sync/ Frame F860
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFJbWdVN0JCeFlBQUNxdThXVklxQQ&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1

43 B
430 B

65ms
65ms

Document
image/gif

52.209.246.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.209.246.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-209-246-140.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Host: match.prod.bidr.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: bito=AAImgU7BBxYAACqu8WVIqA; bitoIsSecure=ok
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache, must-revalidate
content-type: image/gif
Date: Sat, 24 Apr 2021 03:06:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
pragma: no-cache
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 43
Connection: keep-alive

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
date: Sat, 24 Apr 2021 03:06:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 355
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK ecm3 Show response
aax-eu.amazon-adsystem.com/s/ Frame A655 43 B
344 B 72ms
70ms Document
image/gif 52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=511A2743-6F0D-449F-9951-8F18C16D51E5&ex=pubmatic.com
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A_0XtsPfKkJJtPUDCqO4APM; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: Server
Date: Sat, 24 Apr 2021 03:06:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: User-Agent

GET
H/1.1

200
OK

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6CF0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=URonQ28NRJ-ZUY8YwW1R5Q%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

47ms
46ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "1300708-1f78-5b232eb4914bb"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: max-age=94291
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 2654
Expires: Sun, 25 Apr 2021 05:17:36 GMT

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame 6CF0 95 B
596 B 48ms
28ms Image
image/png 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=511A2743-6F0D-449F-9951-8F18C16D51E5
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:05 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 644c1d175caf3237-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09a370829400003237133ca000000001

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 6CF0
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=511A2743-6F0D-449F-9951-8F18C16D51E5&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=511A2743-6F0D-449F-9951-8F18C16D51E5&sInitiator=external&gdpr=0&gdpr_consent=

42 B
604 B

81ms
81ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=511A2743-6F0D-449F-9951-8F18C16D51E5&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 77.243.60.138 Aalborg, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:04 GMT
frontend-id: 13
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:04 GMT
frontend-id: 7
location: /pubmatic/1/info2?sType=sync&sExtCookieId=511A2743-6F0D-449F-9951-8F18C16D51E5&sInitiator=external&gdpr=0&gdpr_consent=
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H/1.1

200
OK

Artemis
aud.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=511A2743-6F0D-449F-9951-8F18C16D51E5&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=511A2743-6F0D-449F-9951-8F18C16D51E5&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=511A2743-6F0D-449F-9951-8F18C16D51E5&addseg=19,36,42

7 B
147 B

2950ms
60ms

Image
text/plain

185.64.189.249
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=511A2743-6F0D-449F-9951-8F18C16D51E5&addseg=19,36,42
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.64.189.249 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:08 GMT
Connection: keep-alive
Content-Length: 7
Content-Type: text/plain; charset=utf-8

Redirect headers

date: Sat, 24 Apr 2021 03:06:05 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=511A2743-6F0D-449F-9951-8F18C16D51E5&addseg=19,36,42
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 141

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=44ca770a-f057-43ff-9f8b-412d854f9e50

42 B
882 B

1220ms
56ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=44ca770a-f057-43ff-9f8b-412d854f9e50
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:06 GMT
X-lat: lhrpug014:0:403
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=44ca770a-f057-43ff-9f8b-412d854f9e50
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=5846345242757176151

42 B
801 B

1200ms
56ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=5846345242757176151
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:06 GMT
X-lat: lhrpug003:0:488
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=5846345242757176151
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEO62mtRBssFIbXKRVDd5P9g&google_cver=1

42 B
855 B

366ms
56ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEO62mtRBssFIbXKRVDd5P9g&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:05 GMT
X-lat: lhrpug012:0:429
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEO62mtRBssFIbXKRVDd5P9g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:044c6083-8b1d-4000-91da-5423b908fbdb&gdpr=0&gdpr_consent=

42 B
947 B

1220ms
58ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:044c6083-8b1d-4000-91da-5423b908fbdb&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:06 GMT
X-lat: lhrpug016:0:2294
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Date: Sat, 24 Apr 2021 03:07:12 GMT
Server: MT3 3660 495c301 master cdg-pixel-x5
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:044c6083-8b1d-4000-91da-5423b908fbdb&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 24 Apr 2021 03:07:11 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4195336843414698414&gdpr=0&gdpr_consent=

42 B
769 B

348ms
57ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4195336843414698414&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:05 GMT
X-lat: lhrpug004:0:396
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Pragma: no-cache
Date: Sat, 24 Apr 2021 03:06:05 GMT
X-Proxy-Origin: 89.187.165.152; 89.187.165.152; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.37:80
AN-X-Request-Uuid: 1f457562-8ac6-4cc8-b7bb-74321b00b948
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4195336843414698414&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=ec91e464-f219-499d-9d2d-6081d25df0ee&ssp=pubmatic
https://x.bidswitch.net/ul_cb/sync?dsp_id=29&expires=30&user_id=ec91e464-f219-499d-9d2d-6081d25df0ee&ssp=pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=882492ba-7d3f-42bd-b6cd-8f6e1be7172d&gdpr=&gdpr_consent=&gdpr_pd=

1 B
745 B

113ms
56ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=882492ba-7d3f-42bd-b6cd-8f6e1be7172d&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:08 GMT
X-lat: lhrpug011:0:438
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=882492ba-7d3f-42bd-b6cd-8f6e1be7172d&gdpr=&gdpr_consent=&gdpr_pd=
date: Sat, 24 Apr 2021 03:06:08 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 511A2743-6F0D-449F-9951-8F18C16D51E5
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 6CF0 43 B
836 B 107ms
33ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/511A2743-6F0D-449F-9951-8F18C16D51E5?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:05 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

SPug
image4.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=511A2743-6F0D-449F-9951-8F18C16D51E5&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=511A2743-6F0D-449F-9951-8F18C16D51E5&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-adeSOJNE2uVoPiAGptz3cKhMO28JqOw-~A&gdpr=0&gdpr_consent=

0
418 B

226ms
56ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-adeSOJNE2uVoPiAGptz3cKhMO28JqOw-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 02:44:59 GMT
Cache-Control: no-store, no-cache, private
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Sat, 24 Apr 2021 03:06:05 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-adeSOJNE2uVoPiAGptz3cKhMO28JqOw-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=4_eTe-2lmiz48pJw4fKGeOX3mXn48Ml84qUysqiM

42 B
894 B

234ms
56ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=4_eTe-2lmiz48pJw4fKGeOX3mXn48Ml84qUysqiM
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:05 GMT
X-lat: lhrpug016:0:428
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=4_eTe-2lmiz48pJw4fKGeOX3mXn48Ml84qUysqiM
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2327924657810071314&gdpr=0&gdpr_consent=&us_privacy=

1 B
727 B

1173ms
56ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2327924657810071314&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:06 GMT
X-lat: lhrpug012:0:454
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2327924657810071314&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Sat, 24 Apr 2021 03:06:04 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YIOLHgAAbWyABQA4&gdpr=0&gdpr_consent=&_test=YIOLHgAAbWyABQA4

1 B
809 B

56ms
56ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YIOLHgAAbWyABQA4&gdpr=0&gdpr_consent=&_test=YIOLHgAAbWyABQA4
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:06 GMT
X-lat: lhrpug014:0:376
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:06 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1619233567.752230,VS0,VE0
x-served-by: cache-hhn4021-HHN
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YIOLHgAAbWyABQA4&gdpr=0&gdpr_consent=&_test=YIOLHgAAbWyABQA4
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:90e501b0-c5fc-4b75-bac3-fbc0d92e093b&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
505 B

57ms
56ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:90e501b0-c5fc-4b75-bac3-fbc0d92e093b&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:07 GMT
X-lat: lhrpug016:0:323
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:90e501b0-c5fc-4b75-bac3-fbc0d92e093b&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Sat, 24 Apr 2021 03:06:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=a3dd7a01-1f0c-4ad7-b1ff-12a2c83b126c-60838b1d-4348&gdpr=0&gdpr_consent=

42 B
800 B

56ms
56ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=a3dd7a01-1f0c-4ad7-b1ff-12a2c83b126c-60838b1d-4348&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:06 GMT
X-lat: lhrpug006:0:400
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:04 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=a3dd7a01-1f0c-4ad7-b1ff-12a2c83b126c-60838b1d-4348&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 6CF0 0
103 B 14ms
11ms Image
text/plain 2a02:fa8:8806:16::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=511A2743-6F0D-449F-9951-8F18C16D51E5&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1370 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 pubmatic
um.simpli.fi/ Frame 6CF0 43 B
611 B 1177ms
49ms Image
image/gif 159.253.128.183
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

b7.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:06 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Fri, 23 Apr 2021 03:06:06 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 6CF0
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4195336843414698414

42 B
505 B

446ms
56ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4195336843414698414
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:06 GMT
X-lat: lhrpug020:0:352
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Pragma: no-cache
Date: Sat, 24 Apr 2021 03:06:06 GMT
X-Proxy-Origin: 89.187.165.152; 89.187.165.152; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.90:80
AN-X-Request-Uuid: b5412901-9adf-49fa-ae9d-c00a3225449a
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4195336843414698414
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 2B41
Redirect Chain

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=a9eu
https://aax-eu.amazon-adsystem.com/s/ecm3?id=KNV5UV8E-K-L48F&ex=d-rubiconproject.com&status=ok

43 B
344 B

70ms
70ms

Image
image/gif

52.95.124.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=KNV5UV8E-K-L48F&ex=d-rubiconproject.com&status=ok
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Apr 2021 03:06:06 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://aax-eu.amazon-adsystem.com/s/ecm3?id=KNV5UV8E-K-L48F&ex=d-rubiconproject.com&status=ok
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET
H2

200

btu4jd3a
sync-tm.everesttech.net/ct/upi/pid/ Frame 2B41
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YIOLHgAAa3WYNAAC

85 B
165 B

44ms
44ms

Image
image/png

151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YIOLHgAAa3WYNAAC
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:06 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
age: 1832
x-served-by: cache-hhn4021-HHN
x-cache: HIT
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
x-timer: S1619233567.752025,VS0,VE0
content-length: 85
x-cache-hits: 3460

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:06 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1619233567.613970,VS0,VE93
x-served-by: cache-hhn4021-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YIOLHgAAa3WYNAAC
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2B41
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Y2ZjOTQ0OWU0MGM1Y2JjZmIyZmY5MzNiNTQ4YjljMDFjMmZjMDhiNQ

170 B
188 B

66ms
66ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Y2ZjOTQ0OWU0MGM1Y2JjZmIyZmY5MzNiNTQ4YjljMDFjMmZjMDhiNQ

Requested by

Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Y2ZjOTQ0OWU0MGM1Y2JjZmIyZmY5MzNiNTQ4YjljMDFjMmZjMDhiNQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 2B41
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=a8a36083-8b1d-4c00-916f-3cfdccd810de

42 B
678 B

359ms
48ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=a8a36083-8b1d-4c00-916f-3cfdccd810de
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

Date: Sat, 24 Apr 2021 03:07:12 GMT
Server: MT3 3686 fbd934f master cdg-pixel-x1
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=a8a36083-8b1d-4c00-916f-3cfdccd810de
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 24 Apr 2021 03:07:11 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 2B41
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEDuqn9jpjmcrKo2VNJRHx3w&google_cver=1

42 B
678 B

313ms
48ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEDuqn9jpjmcrKo2VNJRHx3w&google_cver=1
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEDuqn9jpjmcrKo2VNJRHx3w&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 2B41 0
42 B 67ms
62ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:05 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2B41
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05WNVVWOEUtSy1MNDhG

170 B
188 B

67ms
63ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05WNVVWOEUtSy1MNDhG

Requested by

Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05WNVVWOEUtSy1MNDhG
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 2B41
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/G_X0P9aM1FFEBHSc8s4_-Q?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7756146004115048338

42 B
678 B

289ms
47ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7756146004115048338
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

date: Sat, 24 Apr 2021 03:06:05 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7756146004115048338
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 2B41 70 B
264 B 71ms
66ms Image
image/gif 52.30.186.230
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_cnv_pm-db5_rbd_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.186.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-186-230.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:05 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame EDDB 334 KB
115 KB 34ms
13ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d25942b7da85bc7cdb258cdb436227b1de7e3a2b50c61f7d7050eff911f88f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117044
x-xss-protection: 0
expires: Sat, 24 Apr 2021 03:06:06 GMT

POST
H/1.1 200
OK sv Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 141ms
141ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sv?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:06 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3-29 200 bridge3.453.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame F970 570 KB
186 KB 20ms
7ms Document
text/html 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03fa924099182c607c33fb7877f50e7de0ae3522e1bcff8f7247ae5e88a2b25b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.453.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 190793
date: Thu, 22 Apr 2021 15:44:13 GMT
expires: Fri, 22 Apr 2022 15:44:13 GMT
last-modified: Wed, 21 Apr 2021 20:50:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 127313
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame EDDB 44 KB
17 KB 37ms
14ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 24 Apr 2021 03:06:06 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 6E3D 36 KB
12 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 02:14:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 3105
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Sat, 24 Apr 2021 03:14:21 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame EDDB 107 B
165 B 14ms
14ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 24 Apr 2021 03:06:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame F970 156 B
435 B 251ms
250ms XHR
text/xml 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F8566&description_url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=365997908924756&cust_params=domains%3Dthreatpost.com&sdkv=h.3.453.0&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&u_so=l&ctv=0&sdki=44d&adk=2940233645&sdk_apis=2%2C8&sid=2FFF0233-BA2D-43C1-871C-FB518D0C5379&eid=44738437%2C44739826&url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&dlt=1619233562662&idt=3682&dt=1619233566779&cookie_enabled=1&scor=1883923878812068&ged=ve4_td4_tt1_pd4_la4000_er974.1199.1127.1499_vi0.0.1200.1600_vp100_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bridge3.453.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 0891 570 KB
187 KB 8ms
7ms Document
text/html 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03fa924099182c607c33fb7877f50e7de0ae3522e1bcff8f7247ae5e88a2b25b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.453.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 190793
date: Thu, 22 Apr 2021 15:44:13 GMT
expires: Fri, 22 Apr 2022 15:44:13 GMT
last-modified: Wed, 21 Apr 2021 20:50:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 127314
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8649 36 KB
12 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 02:14:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 3106
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Sat, 24 Apr 2021 03:14:21 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame EDDB 107 B
122 B 26ms
22ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 24 Apr 2021 03:06:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0891 156 B
144 B 227ms
225ms XHR
text/xml 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F2570&description_url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1171664027555658&cust_params=domains%3Dthreatpost.com&sdkv=h.3.453.0&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&u_so=l&ctv=0&sdki=44d&adk=2940233645&sdk_apis=2%2C8&sid=2FFF0233-BA2D-43C1-871C-FB518D0C5379&eid=44738437%2C44739826&url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&dlt=1619233562662&idt=4470&dt=1619233567618&cookie_enabled=1&scor=3596339070154135&ged=ve4_td5_tt2_pd5_la5000_er974.1199.1127.1499_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bridge3.453.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 2EAB 570 KB
186 KB 7ms
6ms Document
text/html 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03fa924099182c607c33fb7877f50e7de0ae3522e1bcff8f7247ae5e88a2b25b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.453.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 190793
date: Thu, 22 Apr 2021 15:44:13 GMT
expires: Fri, 22 Apr 2022 15:44:13 GMT
last-modified: Wed, 21 Apr 2021 20:50:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 127314
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 316A 36 KB
12 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 02:14:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 3106
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Sat, 24 Apr 2021 03:14:21 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame EDDB 107 B
165 B 49ms
13ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 24 Apr 2021 03:06:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 2EAB 156 B
142 B 269ms
254ms XHR
text/xml 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F5640&description_url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3338017788659391&cust_params=domains%3Dthreatpost.com&sdkv=h.3.453.0&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&u_so=l&ctv=0&sdki=44d&adk=2940233645&sdk_apis=2%2C8&sid=2FFF0233-BA2D-43C1-871C-FB518D0C5379&eid=44738437%2C44739826&url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&dlt=1619233562662&idt=5300&dt=1619233568481&cookie_enabled=1&scor=2958081587136089&ged=ve4_td5_tt2_pd5_la5000_er974.1199.1127.1499_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 bridge3.453.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame E6CE 570 KB
186 KB 19ms
12ms Document
text/html 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03fa924099182c607c33fb7877f50e7de0ae3522e1bcff8f7247ae5e88a2b25b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.453.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 190793
date: Thu, 22 Apr 2021 15:44:13 GMT
expires: Fri, 22 Apr 2022 15:44:13 GMT
last-modified: Wed, 21 Apr 2021 20:50:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 127315
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame A155 36 KB
12 KB 369ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 02:14:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 3108
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Sat, 24 Apr 2021 03:14:21 GMT

POST
H/1.1 200
OK abt Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 146ms
145ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/abt?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:09 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame EDDB 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 24 Apr 2021 03:06:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame E6CE 156 B
142 B 224ms
224ms XHR
text/xml 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F6148&description_url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=48932518818354&cust_params=domains%3Dthreatpost.com&sdkv=h.3.453.0&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&u_so=l&ctv=0&sdki=44d&adk=2940233645&sdk_apis=2%2C8&sid=2FFF0233-BA2D-43C1-871C-FB518D0C5379&eid=44738437%2C44739826&url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&dt=1619233569531&cookie_enabled=1&scor=4170114376331836&ged=ve4_td7_tt4_pd7_la7000_er974.1199.1127.1499_vi0.0.1200.1600_vp100_ts2_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:09 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 bridge3.453.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame E5E6 570 KB
186 KB 7ms
6ms Document
text/html 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03fa924099182c607c33fb7877f50e7de0ae3522e1bcff8f7247ae5e88a2b25b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.453.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 190793
date: Thu, 22 Apr 2021 15:44:13 GMT
expires: Fri, 22 Apr 2022 15:44:13 GMT
last-modified: Wed, 21 Apr 2021 20:50:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 127316
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 14B4 36 KB
12 KB 3627ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 02:14:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 3112
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Sat, 24 Apr 2021 03:14:21 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame EDDB 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 24 Apr 2021 03:06:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame E5E6 70 KB
14 KB 295ms
282ms XHR
text/xml 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F6650&description_url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=4492079152943694&cust_params=domains%3Dthreatpost.com&sdkv=h.3.453.0&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&u_so=l&ctv=0&sdki=44d&adk=2940233645&sdk_apis=2%2C8&sid=2FFF0233-BA2D-43C1-871C-FB518D0C5379&eid=44738437%2C44739826&url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&dlt=1619233562662&idt=7192&dt=1619233570337&cookie_enabled=1&scor=2516698332826445&ged=ve4_td7_tt4_pd7_la7000_er974.1199.1127.1499_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

b563b359f3e9603a430426bfc3a0ce01463c44f0b93b5eb357f157b51393b57f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:10 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14369
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame E5E6 0
331 B 390ms
139ms Ping
image/gif 2607:f8b0:4000:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~knv5uypk&c=7114175211985&slotId=3557087605992.5&qqid=CMibmI7zlfACFRU54AodCJgM3w&gqid=IouDYPC8GKSlx_APy6yLkAk&fb=ima-html5&sdkv=h.3.453.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vmfc=1&vhc=0&wta=1&hghme=1&ghmsh_eids=44738437%2C44739826&met.4=ghmsh_s.knv5uzc3~ghmsh_s.knv5uzc4&ghmsh_mi=18%2C&ghmsh_vi=134%2C243%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=640x360&vc=avc1.42001E&mt=video%2Fmp4&vsrc=youtube&bit=18&cpn=YxBUPOmm-hLPYKeo
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4000:814::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AAUvwngCM2a2sJSGZA-eWfqr4uFvsv-jyze4narFrqZQ-w=s48-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame E5E6 2 KB
2 KB 7ms
5ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AAUvwngCM2a2sJSGZA-eWfqr4uFvsv-jyze4narFrqZQ-w=s48-c-k-c0x00ffffff-no-rj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

81ab472b1dce1d9c9963902ee0077de0a2e13d75c8e82a6f38da84e6718ced7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 23:37:28 GMT
x-content-type-options: nosniff
age: 12522
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1904
x-xss-protection: 0
server: fife
etag: "v2865"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 23 Apr 2021 23:36:08 GMT

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame E5E6 42 B
64 B 16ms
15ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CmvfdIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgS0Ak_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX3CKp3_Am8Er2neP6e_Ex3tBSOCPGly9-z6u-IGQ83NPUcWX4OXMABhDo4J-ow7W45q_MyXjuLN_UAM34khTUj2e2xSgKrlkdZNXKLD29znru2Kw-9WV2dWVNiWYvlyelnn2S11v-15WFbIDjT3iBoETQYq7PNM69QvTGpZ1t2_4e7s6sLAblz_bM4Ch0Jlffo5lURlNjd3fPdfyiE5KogxxZrtXXGsLVIloIdEWw1AKfxPKvpBWHtk1M4zhK-uwwASflePdzAPgBAGIBbju6rcvkgUGCAMQAhgBoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2mglCaHR0cHM6Ly93d3cucGhpbGlwcy5kZS9jLW0tcGUvb25lYmxhZGUtdHJpbW1lbi1zdHlsZW4tdW5kLXJhc2llcmVusQmaNczM7uQcZYAKA8gLAdALD-ALAbgMAbATyo-cC9gTAtgUAagWAQ&sigh=qOANsbb9R78&label=show_ad&acvw=&sdkv=h.3.453.0&vci=CmUIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MzE4MjAzMjE5ODIMNTEzODgxMzA3NzY2QLQCUh0QDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25QABgB

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
pubads.g.doubleclick.net/pagead/ Frame E5E6 0
0 57ms
55ms Image
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=CgU5LIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgS1Ak_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX1CKaZl6nwXpAYz1BDfTd55zl9G0GlG78jqjXbpvwHtPecDn4L7NABgnpIJ-7Q3L4wn5xmYU-zM_pQJC4UjRpz5rWBSg3bqRdpFX3bMD9DnjTmFF8NWVLNRgNSWaS19rlXj2vl6b-F5W4LH2jj3i84LmQoq7yfDP9gvz77W9s24Ktr0rYkccjH0gPovz2rn_cc1MEQDJXbVI-MtyoLWFlG2DZgXe9VeWzxl3PFZ_mwTyZcPe8-yyDy8NUKt5EWAZx8AEn5Xj3cwD4AQBkgUGCBsQAhgBoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUb2AcB8gcFEMbZlwKoCAHSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTEzNTY2MzI4NjIzNTQ0ODaACgPICwGwE8qPnAvCEwYY7smU7wLIE77rpQnYEwLYFAGoFgGyFxoKGAgAEhRwdWItMTkyOTYxNTY5NDM3MzEwMw&sigh=YLtVuoCzmpE&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&vt=10&sdkv=h.3.453.0&vci=CmUIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MzE4MjAzMjE5ODIMNTEzODgxMzA3NzY2QLQCUh0QDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25QABgB
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f162.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H2 204 csi
csi.gstatic.com/ Frame EDDB 0
54 B 248ms
140ms Ping
image/gif 2607:f8b0:4000:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~knv5uvws&c=7114175211985&slotId=3557087605992.5&eee=missing-element&bi=missing-id
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4000:814::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK st Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 451ms
151ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/st?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:11 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H/1.1

206
Partial Content

videoplayback
r2---sn-4g5e6ne6.googlevideo.com/
Redirect Chain

https://r2---sn-4g5e6ne6.googlevideo.com/videoplayback?expire=1619262370&ei=IouDYLqEJN2Fx_APxte1sAk&ip=89.187.165.152&id=011ee3073aa118bd&itag=18&source=youtube&requiressl=yes&mh=6F&mm=31&mn=sn-4g5...
https://r2---sn-4g5e6ne6.googlevideo.com/videoplayback?expire=1619262370&ei=IouDYLqEJN2Fx_APxte1sAk&ip=89.187.165.152&id=011ee3073aa118bd&itag=18&source=youtube&requiressl=yes&susc=gvp&acao=yes&cti...

1018 KB
1019 KB

22ms
7ms

Media
video/mp4

2a00:1450:4001:2a::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5e6ne6.googlevideo.com/videoplayback?expire=1619262370&ei=IouDYLqEJN2Fx_APxte1sAk&ip=89.187.165.152&id=011ee3073aa118bd&itag=18&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=20.062&lmt=1610633152863037&txp=5530432&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgC3Lcg2VMGCepXU8D9zQsRujst4vgMNR9xu1U_GTJMVkCIQDlFLF10VhXfpytVal1IF3icpqOSmu7sOsKH5i9B_jLXw==&cpn=YxBUPOmm-hLPYKeo&redirect_counter=1&rm=sn-4g5ell7l&req_id=c7b480e16aec36e2&cms_redirect=yes&ipbypass=yes&mh=6F&mip=2a01:4f8:192:5414::2&mm=31&mn=sn-4g5e6ne6&ms=au&mt=1619233481&mv=m&mvi=2&pl=50&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgJtAPr-n1eI1-Ci65enkpt3rAtJ5jGyVAHB9AjwuBV_oCICEAoSXctplSAQZfm-Dp4i0MSw1mQBV39qDtNbTfce4Y

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:2a::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

3ca8d7a9f4ff5f8b4fbdc361a9a62b7e59518751f332a65ed290ef5c86d62f82

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 24 Apr 2021 03:06:10 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 14 Jan 2021 14:05:52 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-1042643/1042644
Cache-Control: private, max-age=28500
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1042644
Expires: Sat, 24 Apr 2021 03:06:10 GMT

Redirect headers

Date: Sat, 24 Apr 2021 03:06:10 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: text/html
Location: https://r2---sn-4g5e6ne6.googlevideo.com/videoplayback?expire=1619262370&ei=IouDYLqEJN2Fx_APxte1sAk&ip=89.187.165.152&id=011ee3073aa118bd&itag=18&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=20.062&lmt=1610633152863037&txp=5530432&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRQIgC3Lcg2VMGCepXU8D9zQsRujst4vgMNR9xu1U_GTJMVkCIQDlFLF10VhXfpytVal1IF3icpqOSmu7sOsKH5i9B_jLXw==&cpn=YxBUPOmm-hLPYKeo&redirect_counter=1&rm=sn-4g5ell7l&req_id=c7b480e16aec36e2&cms_redirect=yes&ipbypass=yes&mh=6F&mip=2a01:4f8:192:5414::2&mm=31&mn=sn-4g5e6ne6&ms=au&mt=1619233481&mv=m&mvi=2&pl=50&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgJtAPr-n1eI1-Ci65enkpt3rAtJ5jGyVAHB9AjwuBV_oCICEAoSXctplSAQZfm-Dp4i0MSw1mQBV39qDtNbTfce4Y
Cache-Control: private, max-age=900
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Content-Length: 0
Expires: Sat, 24 Apr 2021 03:06:10 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame E5E6 0
54 B 153ms
141ms Ping
image/gif 2607:f8b0:4000:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~knv5uzdp&c=7114175211985&slotId=3557087605992.5&qqid=CMibmI7zlfACFRU54AodCJgM3w&gqid=IouDYPC8GKSlx_APy6yLkAk&fb=ima-html5&sdkv=h.3.453.0&mrd=4&aab=1&itv=1&met.4=ghmsh_s.knv5uzdv~vss_tr.sh
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4000:814::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:11 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame E5E6 42 B
64 B 41ms
16ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CmvfdIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgS0Ak_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX3CKp3_Am8Er2neP6e_Ex3tBSOCPGly9-z6u-IGQ83NPUcWX4OXMABhDo4J-ow7W45q_MyXjuLN_UAM34khTUj2e2xSgKrlkdZNXKLD29znru2Kw-9WV2dWVNiWYvlyelnn2S11v-15WFbIDjT3iBoETQYq7PNM69QvTGpZ1t2_4e7s6sLAblz_bM4Ch0Jlffo5lURlNjd3fPdfyiE5KogxxZrtXXGsLVIloIdEWw1AKfxPKvpBWHtk1M4zhK-uwwASflePdzAPgBAGIBbju6rcvkgUGCAMQAhgBoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2mglCaHR0cHM6Ly93d3cucGhpbGlwcy5kZS9jLW0tcGUvb25lYmxhZGUtdHJpbW1lbi1zdHlsZW4tdW5kLXJhc2llcmVusQmaNczM7uQcZYAKA8gLAdALD-ALAbgMAbATyo-cC9gTAtgUAagWAQ&sigh=qOANsbb9R78&label=video_ad_loaded&acvw=&sdkv=h.3.453.0&vci=CmUIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MzE4MjAzMjE5ODIMNTEzODgxMzA3NzY2QLQCUh0QDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25QABgB

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Oy6hyfNY.js Show response
tpc.googlesyndication.com/sodar/ Frame E5E6 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.453.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Apr 2021 07:19:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 416785
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15406
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Apr 2022 07:19:46 GMT

GET
H3-29 200 adview
pubads.g.doubleclick.net/pagead/ Frame E5E6 0
0 62ms
55ms Image
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=CgU5LIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgS1Ak_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX1CKaZl6nwXpAYz1BDfTd55zl9G0GlG78jqjXbpvwHtPecDn4L7NABgnpIJ-7Q3L4wn5xmYU-zM_pQJC4UjRpz5rWBSg3bqRdpFX3bMD9DnjTmFF8NWVLNRgNSWaS19rlXj2vl6b-F5W4LH2jj3i84LmQoq7yfDP9gvz77W9s24Ktr0rYkccjH0gPovz2rn_cc1MEQDJXbVI-MtyoLWFlG2DZgXe9VeWzxl3PFZ_mwTyZcPe8-yyDy8NUKt5EWAZx8AEn5Xj3cwD4AQBkgUGCBsQAhgBoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUb2AcB8gcFEMbZlwKoCAHSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTEzNTY2MzI4NjIzNTQ0ODaACgPICwGwE8qPnAvCEwYY7smU7wLIE77rpQnYEwLYFAGoFgGyFxoKGAgAEhRwdWItMTkyOTYxNTY5NDM3MzEwMw&sigh=YLtVuoCzmpE&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&sdkv=h.3.453.0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f162.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 B25168070.292863583;dc_trk_aid=486148734;dc_trk_cid=144204931;dc_dbm_token=AD1EzRQAAAA5CjIKDAgAFQAAAAAdAAAAABIMCAAVAAAAAB0AAAAAIhIIuO7qty-oAsa45wGwAvrOqAhAOxDc4OQBFaEUtIf6zlm8bk81d3zZ8w==;ord=16889...
ad.doubleclick.net/ddm/trackimp/N485604.3473192DV360_PH_DE/ Frame E5E6 42 B
118 B 79ms
70ms Image
image/gif 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N485604.3473192DV360_PH_DE/B25168070.292863583;dc_trk_aid=486148734;dc_trk_cid=144204931;dc_dbm_token=AD1EzRQAAAA5CjIKDAgAFQAAAAAdAAAAABIMCAAVAAAAAB0AAAAAIhIIuO7qty-oAsa45wGwAvrOqAhAOxDc4OQBFaEUtIf6zlm8bk81d3zZ8w==;ord=1688995047;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dc_exteid=12165146604460352799;dc_av=536;dc_sk=1;dc_ctype=84;dc_pubid=3;dc_btype=23?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame E5E6 42 B
64 B 26ms
18ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CsBrnIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgSxAk_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX3CKp3_Am8Er2neP6e_Ex3tBSOCPGly9-z6u-IGQ83NPUcWX4OXMABhDo4J-ow7W45q_MyXjuLN_UAM34khTUj2e2xSgKrlkdZNXKLD29znru2Kw-9WV2dWVNiWYvlyelnn2S11v-15WFbIDjT3iBoETQYq7PNM69QvTGpZ1t2_4e7s6sLAblz_bM4Ch0Jlffo5lURlNjd3fPdfyiE5KolRwxKdfZv0fxgybl7TidWLU9jYfN5OJs6XptqX5wASflePdzAPgBAGIBbju6rcvoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDyAsBsBPKj5wL2BMC2BQBqBYB&sigh=PuhiOXBDPE0&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&label=vast_creativeview&ad_mt=0&acvw=sv%3D894%26cb%3Dj%26e%3D19%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D20015%26vmtime%3D-1%26is%3D275%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1619233570995%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.04%26t%3D1619233570761&sdkv=h.3.453.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MzE4MjAzMjE5ODIMNTEzODgxMzA3NzY2QLQCUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IqAFQABgB

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame E5E6 42 B
108 B 2404ms
16ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv6tbViHHuicrB6QrpKDNNskWofxeKAriub3So0va-KI_XKCT78BTj4MHQwSz9B-M8iLXIE5GCFUEI0d-Q7cFR3vuXjMEug01eh76fpmED4mkk-Jxvq2SPdYUph7A&sai=AMfl-YQ3xOVKNpCnB3dr4ed7_11yLw5WpBzPMZ9iJ03A0dRX_-lFd9Otjk81cHlNtxJ68V4ZMwMP7aSsXS0zUpiDMiV8ewHpFhTeTP44pcmO7IqXaW3uKe4ytQRhhCYx&sig=Cg0ArKJSzAZPKw86AiJrEAE&cid=CAASF-RodUEstuwSKYEf5nBMSey6rSaAixMH&id=lidarv&acvw=sv%3D894%26cb%3Dj%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D20015%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1619233571011%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1619233570761&avm=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview_ext
pagead2.googlesyndication.com/ Frame E5E6 42 B
108 B 2402ms
14ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/activeview_ext?id=lidarv&avm=1&dc_pubid=3&dc_exteid=12165146604460352799&acvw=sv%3D894%26cb%3Dj%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D20015%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1619233571011%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1619233570761?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pubid=3;dc_exteid=12165146604460352799;met=1;ecn1=1;etm1=0;eid1=200101;acvw=sv%3D894%26cb%3Dj%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3...
ade.googlesyndication.com/ddm/activity_ext/ Frame E5E6 42 B
498 B 252ms
123ms Image
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=12165146604460352799;met=1;ecn1=1;etm1=0;eid1=200101;acvw=sv%3D894%26cb%3Dj%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D20015%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1619233571011%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1619233570761?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame E5E6 42 B
64 B 26ms
19ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CsBrnIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgSxAk_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX3CKp3_Am8Er2neP6e_Ex3tBSOCPGly9-z6u-IGQ83NPUcWX4OXMABhDo4J-ow7W45q_MyXjuLN_UAM34khTUj2e2xSgKrlkdZNXKLD29znru2Kw-9WV2dWVNiWYvlyelnn2S11v-15WFbIDjT3iBoETQYq7PNM69QvTGpZ1t2_4e7s6sLAblz_bM4Ch0Jlffo5lURlNjd3fPdfyiE5KolRwxKdfZv0fxgybl7TidWLU9jYfN5OJs6XptqX5wASflePdzAPgBAGIBbju6rcvoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDyAsBsBPKj5wL2BMC2BQBqBYB&sigh=PuhiOXBDPE0&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&label=part2viewed&ad_mt=0&acvw=sv%3D894%26cb%3Dj%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D20015%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1619233571015%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1619233570761&sdkv=h.3.453.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MzE4MjAzMjE5ODIMNTEzODgxMzA3NzY2QLQCUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IqAFQABgB

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pubid=3;dc_exteid=12165146604460352799;met=1;ecn1=1;etm1=0;eid1=11;acvw=sv%3D894%26cb%3Dj%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,...
ade.googlesyndication.com/ddm/activity_ext/ Frame E5E6 42 B
107 B 372ms
245ms Image
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=12165146604460352799;met=1;ecn1=1;etm1=0;eid1=11;acvw=sv%3D894%26cb%3Dj%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D20015%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1619233571015%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1619233570761?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame E5E6 42 B
64 B 22ms
18ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CsBrnIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgSxAk_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX3CKp3_Am8Er2neP6e_Ex3tBSOCPGly9-z6u-IGQ83NPUcWX4OXMABhDo4J-ow7W45q_MyXjuLN_UAM34khTUj2e2xSgKrlkdZNXKLD29znru2Kw-9WV2dWVNiWYvlyelnn2S11v-15WFbIDjT3iBoETQYq7PNM69QvTGpZ1t2_4e7s6sLAblz_bM4Ch0Jlffo5lURlNjd3fPdfyiE5KolRwxKdfZv0fxgybl7TidWLU9jYfN5OJs6XptqX5wASflePdzAPgBAGIBbju6rcvoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDyAsBsBPKj5wL2BMC2BQBqBYB&sigh=PuhiOXBDPE0&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&label=admute&ad_mt=0&acvw=sv%3D894%26cb%3Dj%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D52,0,0,0,0%26mtos%3D52,52,52,52,52%26amtos%3D0,0,0,0,0%26mcvt%3D52%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D52%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D52%26pst%3D-1%26dur%3D20015%26vmtime%3D-1%26dvs%3D52%26dfvs%3D52%26dvpt%3D52%26is%3D275%26i0%3D275%26ic%3D4096%26cs%3D4370%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1619233571035%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,52&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1619233570761&sdkv=h.3.453.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MzE4MjAzMjE5ODIMNTEzODgxMzA3NzY2QLQCUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IqAFQABgB

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pubid=3;dc_exteid=12165146604460352799;met=1;ecn1=1;etm1=0;eid1=16;acvw=sv%3D894%26cb%3Dj%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D52,0,0,0,0%26mtos%3D52,52,52,52,52%26amtos...
ade.googlesyndication.com/ddm/activity_ext/ Frame E5E6 42 B
107 B 371ms
246ms Image
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=12165146604460352799;met=1;ecn1=1;etm1=0;eid1=16;acvw=sv%3D894%26cb%3Dj%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D52,0,0,0,0%26mtos%3D52,52,52,52,52%26amtos%3D0,0,0,0,0%26mcvt%3D52%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D52%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D52%26pst%3D-1%26dur%3D20015%26vmtime%3D-1%26dvs%3D52%26dfvs%3D52%26dvpt%3D52%26is%3D275%26i0%3D275%26ic%3D4096%26cs%3D4370%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D2,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1619233571035%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,52;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1619233570761?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK ai Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 344ms
143ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ai?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:11 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 1_th.jpg
img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/ 8 KB
8 KB 62ms
61ms Image
image/jpeg 151.101.14.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/f4f66138-624a-4b49-9ed2-4179c64c3dec/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4acda90e0e320a5ca3fb7146151c98339708a86deae2d6c04aa542eb06c6033b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 03:06:11 GMT
age: 51606
etag: "iUvBA6WrI/w28Nq8NsP50ik93VECEUHfu3ivB9i+Gm0"
access-control-max-age: 86400
fastly-io-info: ifsz=98311 idim=2560x1440 ifmt=jpeg ofsz=8023 odim=400x225 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=31557600
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 8023

GET
H3-29 200 hhrtBw21.html Show response
tpc.googlesyndication.com/sodar/ Frame 8281 23 KB
9 KB 21ms
13ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/hhrtBw21.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://imasdk.googleapis.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://imasdk.googleapis.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8727
date: Mon, 19 Apr 2021 18:12:19 GMT
expires: Tue, 19 Apr 2022 18:12:19 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 377632
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 04GNmuDwX4NjTp5JBnlTI2cBXBmJ_FOcmcCRO2VtSUE.js Show response
pagead2.googlesyndication.com/bg/ Frame 8281 14 KB
6 KB 2228ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/04GNmuDwX4NjTp5JBnlTI2cBXBmJ_FOcmcCRO2VtSUE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3818d9ae0f05f83634e9e490679532367015c1989fc539c99c0913b656d4941

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 18:26:21 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 08 Apr 2021 09:18:00 GMT
server: sffe
age: 31192
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5636
x-xss-protection: 0
expires: Sat, 23 Apr 2022 18:26:21 GMT

GET
H2 204 playback
s.youtube.com/api/stats/ Frame BC14 0
0 50ms
16ms Image
text/html 2a00:1450:400c:c07::8a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.youtube.com/api/stats/playback?ns=yt&fexp=44738437%2C44739826&el=adunit&cpn=YxBUPOmm-hLPYKeo&docid=AR7jBzqhGL0&ver=2&cmt=0.169&fmt=18&rt=0.000&adformat=2_2_1&euri=https%3A%2F%2Fthreatpost.com%2F&len=20.016&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=89.0.4389.72&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop&mos=1&volume=0&delay=18&rtn=10
Requested by: Host: blank
URL: about:blank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::8a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H/1.1 200
OK av Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 141ms
141ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/av?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:13 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame E5E6 42 B
108 B 22ms
21ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv6tbViHHuicrB6QrpKDNNskWofxeKAriub3So0va-KI_XKCT78BTj4MHQwSz9B-M8iLXIE5GCFUEI0d-Q7cFR3vuXjMEug01eh76fpmED4mkk-Jxvq2SPdYUph7A&sai=AMfl-YQ3xOVKNpCnB3dr4ed7_11yLw5WpBzPMZ9iJ03A0dRX_-lFd9Otjk81cHlNtxJ68V4ZMwMP7aSsXS0zUpiDMiV8ewHpFhTeTP44pcmO7IqXaW3uKe4ytQRhhCYx&sig=Cg0ArKJSzAZPKw86AiJrEAE&cid=CAASF-RodUEstuwSKYEf5nBMSey6rSaAixMH&id=lidarv&acvw=sv%3D894%26cb%3Dj%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D2077,0,0,0,0%26mtos%3D2077,2077,2077,2077,2077%26amtos%3D0,0,0,0,0%26mcvt%3D2077%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2077%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D505%26pst%3D271%26dur%3D20015%26vmtime%3D1918%26dtos%3D2077%26dtoss%3D1%26dvs%3D2025%26dfvs%3D2025%26dvpt%3D2025%26is%3D275%26i0%3D275%26ic%3D16777217%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D12%26emuc%3D0%26emb%3D12,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D-2147483645%26psa%3D0%26ptlt%3D1619233573060%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2077&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1619233570761

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview_ext
pagead2.googlesyndication.com/ Frame E5E6 42 B
176 B 16ms
15ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/activeview_ext?id=lidarv&dc_pubid=3&dc_exteid=12165146604460352799&acvw=sv%3D894%26cb%3Dj%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D2077,0,0,0,0%26mtos%3D2077,2077,2077,2077,2077%26amtos%3D0,0,0,0,0%26mcvt%3D2077%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2077%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D505%26pst%3D271%26dur%3D20015%26vmtime%3D1918%26dtos%3D2077%26dtoss%3D1%26dvs%3D2025%26dfvs%3D2025%26dvpt%3D2025%26is%3D275%26i0%3D275%26ic%3D16777217%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D12%26emuc%3D0%26emb%3D12,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D-2147483645%26psa%3D0%26ptlt%3D1619233573060%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2077&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1619233570761?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pubid=3;dc_exteid=12165146604460352799;met=1;ecn1=1;etm1=0;eid1=200000;acvw=sv%3D894%26cb%3Dj%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D2077,0,0,0,0%26mtos%3D2077,2077,2077,20...
ade.googlesyndication.com/ddm/activity_ext/ Frame E5E6 42 B
107 B 86ms
85ms Image
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=12165146604460352799;met=1;ecn1=1;etm1=0;eid1=200000;acvw=sv%3D894%26cb%3Dj%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D2077,0,0,0,0%26mtos%3D2077,2077,2077,2077,2077%26amtos%3D0,0,0,0,0%26mcvt%3D2077%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2077%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D505%26pst%3D271%26dur%3D20015%26vmtime%3D1918%26dtos%3D2077%26dtoss%3D1%26dvs%3D2025%26dfvs%3D2025%26dvpt%3D2025%26is%3D275%26i0%3D275%26ic%3D16777217%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D12%26emuc%3D0%26emb%3D12,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D-2147483645%26psa%3D0%26ptlt%3D1619233573060%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2077;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1619233570761?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8281 0
20 B 15ms
15ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=36&t=2&li=v_h.3.453.0&bgai=BKHdvIouDYMiCGpXygAeIsLL4DQAAAAA4AboFEwjw1ZaO85XwAhWk0hEIHUvWApI&bg=!SUqlSg7NAAZUuIlwVLg7ACkAdvg8WmcJiDjBGzcNdi4wsyEBhkFwWAuItiSOPbuIYAV3LTA1S38SBwIAAABtUgAAAA1oAQcKAK0evTcx8GIUPEM7dBA5LKRkB5xsFM3umZ7taNWHNhyfpllUEdjRbIA3oNe7PiGsmERMZDmgAJIZvh6z1dT2TxxRL4vJNFK8oBBretRdq2tiBfkVTTOcLHcxw7snCy3pxywWhIgwOxzbgQbUUuqxNqZL1lFgzTp1ai8129Oj7zRNphAXDg4Sg_Vj68htuQO_zADfgscgz3ric0fURy4xHfoUJRz8F0VmVkf9S3_PgJkB884s8lGqITfNw-kPXawcIAXyuA7AP4ADuhmdof7W0EPmYbOayhNdkSCRjrR-ck8Mvh1QqzIh8nqKQ42tSdEIc09TsDBIw9F0k5QvHpdARUnR_qBUQAWX-SCq7i7upgjKfHK_R861wyyJ3rrbFNT6fbZEIi8jHX4b2za71HmXACHnZ6a3t1TT1a9M2-7K21i_8R9lbAEiRpplgTIQrNK1bTotOQmzJrDmMucBJscjAfCvjbnbzLqjg5HqUiO9mkxnSy8y7EEC0nNw5cVh36HAJlrHCu_0BJBC9idLr-vOLs06oFURVWbbgIR13IWASRnrcReim0q-IVhAZcm8mnwlOTWGUT0pHTCKWf-2Z_1NDJyEkmgQZUOQ9Ipse1YJzkil3XcSXM0xmTLdE2tFLp8SR8fSOZ4QoL4JfcqYg76XgnSFawTAuD0D8x9whz1TCjXjRqypCZ7GHYp8tC0SEm6ylN68eRNVabDCvEydw_40rw0ztOsZTcGAmMTgdBttteuqFjKVUczYTHkH7rXT4IGWr3F0MGLTNX1S7rUrW02O7F6MbLu6bElCp9IJq3bNGqFYqj5vwFTNc8ezWBjrFmr0bNj1ugBdJ18mzBUA9C0MWuLCaMnSALzr9we1YkP9nX1VZtfCoUaJHFYAH2D7yOPspzqX17I

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK abt Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 142ms
141ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/abt?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame E5E6 42 B
212 B 17ms
16ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CsBrnIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgSxAk_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX3CKp3_Am8Er2neP6e_Ex3tBSOCPGly9-z6u-IGQ83NPUcWX4OXMABhDo4J-ow7W45q_MyXjuLN_UAM34khTUj2e2xSgKrlkdZNXKLD29znru2Kw-9WV2dWVNiWYvlyelnn2S11v-15WFbIDjT3iBoETQYq7PNM69QvTGpZ1t2_4e7s6sLAblz_bM4Ch0Jlffo5lURlNjd3fPdfyiE5KolRwxKdfZv0fxgybl7TidWLU9jYfN5OJs6XptqX5wASflePdzAPgBAGIBbju6rcvoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDyAsBsBPKj5wL2BMC2BQBqBYB&sigh=PuhiOXBDPE0&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&label=videoplaytime25&ad_mt=5169&acvw=sv%3D894%26cb%3Dj%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D5239,0,0,0,0%26mtos%3D5239,5239,5239,5239,5239%26amtos%3D0,0,0,0,0%26mcvt%3D5239%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D5239%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1111%26pst%3D271%26dur%3D20015%26vmtime%3D5168%26dtos%3D3162%26dtoss%3D2%26dvs%3D3162%26dfvs%3D3162%26dvpt%3D3162%26is%3D275%26i0%3D275%26i1%3D275%26ic%3D0%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D5239,5239,5239,5239,5239%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D28%26emuc%3D0%26emb%3D28,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483585%26psv%3D-2147483585%26psfv%3D-2147483585%26psa%3D0%26ptlt%3D1619233576221%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,5239&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1619233570761&sdkv=h.3.453.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MzE4MjAzMjE5ODIMNTEzODgxMzA3NzY2QLQCUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IqAFQABgB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pubid=3;dc_exteid=12165146604460352799;met=1;ecn1=1;etm1=0;eid1=960584;acvw=sv%3D894%26cb%3Dj%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D5239,0,0,0,0%26mtos%3D5239,5239,5239,52...
ade.googlesyndication.com/ddm/activity_ext/ Frame E5E6 42 B
107 B 86ms
85ms Image
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=12165146604460352799;met=1;ecn1=1;etm1=0;eid1=960584;acvw=sv%3D894%26cb%3Dj%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D5239,0,0,0,0%26mtos%3D5239,5239,5239,5239,5239%26amtos%3D0,0,0,0,0%26mcvt%3D5239%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D5239%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1111%26pst%3D271%26dur%3D20015%26vmtime%3D5168%26dtos%3D3162%26dtoss%3D2%26dvs%3D3162%26dfvs%3D3162%26dvpt%3D3162%26is%3D275%26i0%3D275%26i1%3D275%26ic%3D0%26cs%3D16781587%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D5239,5239,5239,5239,5239%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D28%26emuc%3D0%26emb%3D28,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483585%26psv%3D-2147483585%26psfv%3D-2147483585%26psa%3D0%26ptlt%3D1619233576221%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,5239;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1619233570761?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame E5E6 42 B
210 B 17ms
17ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CsBrnIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgSxAk_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX3CKp3_Am8Er2neP6e_Ex3tBSOCPGly9-z6u-IGQ83NPUcWX4OXMABhDo4J-ow7W45q_MyXjuLN_UAM34khTUj2e2xSgKrlkdZNXKLD29znru2Kw-9WV2dWVNiWYvlyelnn2S11v-15WFbIDjT3iBoETQYq7PNM69QvTGpZ1t2_4e7s6sLAblz_bM4Ch0Jlffo5lURlNjd3fPdfyiE5KolRwxKdfZv0fxgybl7TidWLU9jYfN5OJs6XptqX5wASflePdzAPgBAGIBbju6rcvoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDyAsBsBPKj5wL2BMC2BQBqBYB&sigh=PuhiOXBDPE0&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&label=video_skip_shown&ad_mt=5169&acvw=sv%3D894%26cb%3Dj%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26p0%3D974,1199,1199,1599%26p1%3D974,1199,1199,1599%26tos%3D5242,0,0,0,0%26mtos%3D5242,5242,5242,5242,5242%26amtos%3D0,0,0,0,0%26mtos1%3D5239,0,0%26mcvt%3D5242%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D5242%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1114%26pst%3D271%26dur%3D20015%26vmtime%3D5168%26is%3D275%26i0%3D275%26i1%3D275%26cs%3D16781587%26c%3D1%26c0%3D1%26c1%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D3,3,3,3,3%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D28%26emuc%3D0%26emb%3D28,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147483585%26psv%3D-2147483585%26psfv%3D-2147483585%26psa%3D0%26ptlt%3D1619233576224%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,5242%26ss0%3D0.04%26ss1%3D0.04&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.04%26t%3D1619233570761&sdkv=h.3.453.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MzE4MjAzMjE5ODIMNTEzODgxMzA3NzY2QLQCUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IqAFQABgB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK aq Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 142ms
141ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/aq?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:16 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK st Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 142ms
141ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/st?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:18 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame E5E6 42 B
66 B 17ms
16ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CsBrnIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgSxAk_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX3CKp3_Am8Er2neP6e_Ex3tBSOCPGly9-z6u-IGQ83NPUcWX4OXMABhDo4J-ow7W45q_MyXjuLN_UAM34khTUj2e2xSgKrlkdZNXKLD29znru2Kw-9WV2dWVNiWYvlyelnn2S11v-15WFbIDjT3iBoETQYq7PNM69QvTGpZ1t2_4e7s6sLAblz_bM4Ch0Jlffo5lURlNjd3fPdfyiE5KolRwxKdfZv0fxgybl7TidWLU9jYfN5OJs6XptqX5wASflePdzAPgBAGIBbju6rcvoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDyAsBsBPKj5wL2BMC2BQBqBYB&sigh=PuhiOXBDPE0&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&label=videoplaytime50&ad_mt=10169&acvw=sv%3D894%26cb%3Dj%26e%3D2%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D10239,0,0,0,0%26mtos%3D10239,10239,10239,10239,10239%26amtos%3D0,0,0,0,0%26mcvt%3D10239%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D10239%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2116%26pst%3D271%26dur%3D20015%26vmtime%3D10168%26dtos%3D5000%26dtoss%3D3%26dvs%3D5000%26dfvs%3D5000%26dvpt%3D5000%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26ic%3D512%26cs%3D16782099%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D5000,5000,5000,5000,5000%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D53%26emuc%3D0%26emb%3D53,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D-2147481601%26psa%3D0%26ptlt%3D1619233581222%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10239&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1619233570761&sdkv=h.3.453.0&vci=CmgIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDQ3MzE4MjAzMjE5ODIMNTEzODgxMzA3NzY2QLQCUiAQDyUAAKBBKAE6B3Vua25vd25CB3Vua25vd25IqAFQABgB

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pubid=3;dc_exteid=12165146604460352799;met=1;ecn1=1;etm1=0;eid1=18;acvw=sv%3D894%26cb%3Dj%26e%3D2%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D10239,0,0,0,0%26mtos%3D10239,10239,10239,10...
ade.googlesyndication.com/ddm/activity_ext/ Frame E5E6 42 B
107 B 392ms
90ms Image
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=3;dc_exteid=12165146604460352799;met=1;ecn1=1;etm1=0;eid1=18;acvw=sv%3D894%26cb%3Dj%26e%3D2%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D10239,0,0,0,0%26mtos%3D10239,10239,10239,10239,10239%26amtos%3D0,0,0,0,0%26mcvt%3D10239%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D10239%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2116%26pst%3D271%26dur%3D20015%26vmtime%3D10168%26dtos%3D5000%26dtoss%3D3%26dvs%3D5000%26dfvs%3D5000%26dvpt%3D5000%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26ic%3D512%26cs%3D16782099%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D5000,5000,5000,5000,5000%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D53%26emuc%3D0%26emb%3D53,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D-2147481601%26psa%3D0%26ptlt%3D1619233581222%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10239;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1619233570761?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

aclk
www.googleadservices.com/pagead/ Frame E5E6
Redirect Chain

https://googleads.g.doubleclick.net/aclk?sa=l&ai=CmvfdIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgS0Ak_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0Enso...
https://www.googleadservices.com/pagead/aclk?sa=L&ai=CJo4wIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgS0Ak_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0...

0
0

62ms
62ms

Image
text/html

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googleadservices.com/pagead/aclk?sa=L&ai=CJo4wIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgS0Ak_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX3CKp3_Am8Er2neP6e_Ex3tBSOCPGly9-z6u-IGQ83NPUcWX4OXMABhDo4J-ow7W45q_MyXjuLN_UAM34khTUj2e2xSgKrlkdZNXKLD29znru2Kw-9WV2dWVNiWYvlyelnn2S11v-15WFbIDjT3iBoETQYq7PNM69QvTGpZ1t2_4e7s6sLAblz_bM4Ch0Jlffo5lURlNjd3fPdfyiE5KogxxZrtXXGsLVIloIdEWw1AKfxPKvpBWHtk1M4zhK-uwwASflePdzAPgBAGIBbju6rcvkgUGCAMQAhgBwAVuoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2mglCaHR0cHM6Ly93d3cucGhpbGlwcy5kZS9jLW0tcGUvb25lYmxhZGUtdHJpbW1lbi1zdHlsZW4tdW5kLXJhc2llcmVusQmaNczM7uQcZYAKA8gLAdALD-ALAbgMAbATyo-cC9gTAtgUAagWAQ&num=1&client=ca-pub-7379978810940306&ctype=110&label=video_10s_engaged_view&ad_mt=10169&acvw=sv%3D894%26cb%3Dj%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26p0%3D974,1199,1199,1599%26p1%3D974,1199,1199,1599%26p2%3D974,1199,1199,1599%26tos%3D10242,0,0,0,0%26mtos%3D10242,10242,10242,10242,10242%26amtos%3D0,0,0,0,0%26mtos1%3D5239,0,0%26mtos2%3D5000,0,0%26mcvt%3D10242%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26a2%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10242%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2119%26pst%3D271%26dur%3D20015%26vmtime%3D10168%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26cs%3D16782099%26c%3D1%26c0%3D1%26c1%3D1%26c2%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D3,3,3,3,3%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D53%26emuc%3D0%26emb%3D53,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D-2147481601%26psa%3D0%26ptlt%3D1619233581224%26pngs%3D9s,14,15s%26veid%3Dxdi:0,amp:0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10242%26ss0%3D0.04%26ss1%3D0.04%26ss2%3D0.04&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.04%26t%3D1619233570761&cid=CAQSKQCNIrLMeTrl6dqPtECLlgyPD8kesuIdsua6B3Rl2SFL81XBM4ZZzuqb&dblrd=1&val=ChAyMjBiZWMwM2VkYzcwMGVmEK2WjoQGGgi4BnhA4PPRMyABKAE&sig=AOD64_055RnN9ZPVN_0pCITcTvAH2oBzzg&adurl=https://ad.doubleclick.net/ddm/trackclk/N485604.3473192DV360_PH_DE/B25168070.292863583%3Bdc_trk_aid%3D486148734%3Bdc_trk_cid%3D144204931%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bgdpr%3D%24%7BGDPR%7D%3Bgdpr_consent%3D%24%7BGDPR_CONSENT_755%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

pragma: no-cache
date: Sat, 24 Apr 2021 03:06:21 GMT
x-content-type-options: nosniff
server: adclick_server
p3p: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.googleadservices.com/pagead/aclk?sa=L&ai=CJo4wIouDYMiCGpXygAeIsLL4DezinKVixqLj3uINsJAfEAEg0pbmOGCVAqAB7smU7wLIAQWpAuia16jxS7Q-4AIAqAMBmAQAqgS0Ak_QIIhnpizi_kkN4lxPn5psPAkLeIP3QT9XzEyzrb0EnsoJWyNsX7SykDKmZ8-ZENymZaFb6MeHV_q4-qeyyQcpEkKzVR0g1fgGzs7ha4NlQtW8PQsnocZ4dOQ0jcqVQboOsNjFq2dDArthIero2SsMyaGHX3CKp3_Am8Er2neP6e_Ex3tBSOCPGly9-z6u-IGQ83NPUcWX4OXMABhDo4J-ow7W45q_MyXjuLN_UAM34khTUj2e2xSgKrlkdZNXKLD29znru2Kw-9WV2dWVNiWYvlyelnn2S11v-15WFbIDjT3iBoETQYq7PNM69QvTGpZ1t2_4e7s6sLAblz_bM4Ch0Jlffo5lURlNjd3fPdfyiE5KogxxZrtXXGsLVIloIdEWw1AKfxPKvpBWHtk1M4zhK-uwwASflePdzAPgBAGIBbju6rcvkgUGCAMQAhgBwAVuoAZUgAf6teuQAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAec3BuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB-zVG6gHltgb2AcBqAgB0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2mglCaHR0cHM6Ly93d3cucGhpbGlwcy5kZS9jLW0tcGUvb25lYmxhZGUtdHJpbW1lbi1zdHlsZW4tdW5kLXJhc2llcmVusQmaNczM7uQcZYAKA8gLAdALD-ALAbgMAbATyo-cC9gTAtgUAagWAQ&num=1&client=ca-pub-7379978810940306&ctype=110&label=video_10s_engaged_view&ad_mt=10169&acvw=sv%3D894%26cb%3Dj%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26p0%3D974,1199,1199,1599%26p1%3D974,1199,1199,1599%26p2%3D974,1199,1199,1599%26tos%3D10242,0,0,0,0%26mtos%3D10242,10242,10242,10242,10242%26amtos%3D0,0,0,0,0%26mtos1%3D5239,0,0%26mtos2%3D5000,0,0%26mcvt%3D10242%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26a2%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10242%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2119%26pst%3D271%26dur%3D20015%26vmtime%3D10168%26is%3D275%26i0%3D275%26i1%3D275%26i2%3D275%26cs%3D16782099%26c%3D1%26c0%3D1%26c1%3D1%26c2%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D3,3,3,3,3%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D916%26femvt%3D0%26emc%3D53%26emuc%3D0%26emb%3D53,0,0,0,0%26avms%3Dexc%26qi%3D832356600%26psm%3D-2147481601%26psv%3D-2147481601%26psfv%3D-2147481601%26psa%3D0%26ptlt%3D1619233581224%26pngs%3D9s,14,15s%26veid%3Dxdi:0,amp:0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10242%26ss0%3D0.04%26ss1%3D0.04%26ss2%3D0.04&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.04%26t%3D1619233570761&cid=CAQSKQCNIrLMeTrl6dqPtECLlgyPD8kesuIdsua6B3Rl2SFL81XBM4ZZzuqb&dblrd=1&val=ChAyMjBiZWMwM2VkYzcwMGVmEK2WjoQGGgi4BnhA4PPRMyABKAE&sig=AOD64_055RnN9ZPVN_0pCITcTvAH2oBzzg&adurl=https://ad.doubleclick.net/ddm/trackclk/N485604.3473192DV360_PH_DE/B25168070.292863583%3Bdc_trk_aid%3D486148734%3Bdc_trk_cid%3D144204931%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bgdpr%3D%24%7BGDPR%7D%3Bgdpr_consent%3D%24%7BGDPR_CONSENT_755%7D
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK aq Show response
capi.connatix.com/tr/ Frame EDDB 0
295 B 141ms
141ms XHR
multipart/form-data 3.136.53.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/aq?v=114866
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.136.53.133 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-136-53-133.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 24 Apr 2021 03:06:21 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 204 watchtime
s.youtube.com/api/stats/ Frame C84A 0
0 15ms
15ms Image
text/html 2a00:1450:400c:c07::8a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.youtube.com/api/stats/watchtime?rti=10&st=0.000&et=10.169&rtn=20.000&ns=yt&fexp=44738437%2C44739826&el=adunit&cpn=YxBUPOmm-hLPYKeo&docid=AR7jBzqhGL0&ver=2&cmt=10.169&fmt=18&rt=10.000&adformat=2_2_1&euri=https%3A%2F%2Fthreatpost.com%2F&len=20.016&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=89.0.4389.72&cos=Linux%20x86_64&cosver=537.36&cplatform=desktop
Requested by: Host: blank
URL: about:blank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::8a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: quantcount.com
URL: https://quantcount.com/log/error?msg=%5BUSPAPI%5D%20unsuccessful:%20TypeError:%20Cannot%20read%20property%20%27getItem%27%20of%20null

Verdicts & Comments Add Verdict or Comment

278 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pubmatic.com/	1970-01-19 18:30:25	Name: PugT Value: 1619233568
.pubmatic.com/	1970-01-19 19:56:49	Name: KRTBCOOKIE_466 Value: 16530-882492ba-7d3f-42bd-b6cd-8f6e1be7172d
.pubmatic.com/	1970-01-19 19:56:49	Name: PUBMDCID Value: 3

737 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 399) Message: gBrowserWidth =1600
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 424) Message: OpenX Slot defined for /21707124336/ThreatPost-970x250-ATF div-gpt-ad-6794670-2
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 424) Message: OpenX Slot defined for /21707124336/ThreatPost-300x250-ATF div-gpt-ad-6794670-3
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 424) Message: OpenX Slot defined for /21707124336/ThreatPost-300x600-ATF div-gpt-ad-6794670-5
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 424) Message: OpenX Slot defined for /21707124336/ThreatPost-2x2-Skin div-gpt-ad-6794670-1
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: %cCMP: Startup v270 color: #555599
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: uspapi: uspapi_init() - v0.105
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: USP: Locale=en-us gdpr= false
console-api	warning	URL: https://qd.admetricspro.com/js/threatpost/prebid.js(Line 4) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: gAMPidentityLinkID not present, prebid configured without identyLink
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: gSChainNodes found, prebid configured with 1 supply chain object(s)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: final pbjs config
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: [object Object]
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: gAMPidentityLinkID not present, prebid configured without ATS Analytics
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: Initial Ad Load
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: %cCMP: GVL version is 45 color: #555599
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: __uspLaunch begin
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://secure.quantserve.com/quant.js(Line 2) Message: ERROR Sat Apr 24 2021 05:06:03 GMT+0200 (Central European Summer Time) [USPAPI] unsuccessful: TypeError: Cannot read property 'getItem' of null
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	(Line 7) Message: CNX-ad-imp
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax-eu.amazon-adsystem.com
ad.doubleclick.net
ad.turn.com
ade.googlesyndication.com
ads.playground.xyz
ads.pubmatic.com
adservice.google.com
amazon-tam-match.dotomi.com
analytics.twitter.com
assets.threatpost.com
aud.pubmatic.com
beacon.lynx.cognitivlabs.com
bttrack.com
c.amazon-adsystem.com
c1.adform.net
capi.connatix.com
cd.connatix.com
cds.connatix.com
cm.ctnsnet.com
cm.g.doubleclick.net
csi.gstatic.com
d.adroll.com
d5p.de17a.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
googleads.g.doubleclick.net
graph.facebook.com
ib.adnxs.com
id.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
imasdk.googleapis.com
img.connatix.com
kasperskycontenthub.com
lit.connatix.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
media.threatpost.com
mwzeom.zeotap.com
pagead2.googlesyndication.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.quantserve.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
pubads.g.doubleclick.net
pubmatic-match.dotomi.com
qd.admetricspro.com
quantcount.com
r.scoota.co
r2---sn-4g5e6ne6.googlevideo.com
rules.quantcount.com
s.amazon-adsystem.com
s.youtube.com
s0.2mdn.net
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
ssum-sec.casalemedia.com
static.ads-twitter.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.mathtag.com
t.co
tagan.adlightning.com
threatpost.com
token.rubiconproject.com
tpc.googlesyndication.com
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
vid.connatix.com
visitor.fiftyt.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.reddit.com
x.bidswitch.net
yt3.ggpht.com
quantcount.com
104.111.230.142
104.244.42.5
104.244.42.67
13.33.139.65
142.250.185.102
142.250.186.130
142.250.186.98
142.250.74.194
143.204.247.127
151.101.113.140
151.101.114.137
151.101.114.49
151.101.14.137
159.253.128.183
159.65.196.12
178.250.0.163
18.156.0.31
185.29.135.227
185.33.220.241
185.33.221.50
185.64.189.249
185.64.190.78
185.64.190.80
185.64.190.81
192.132.33.46
199.232.136.157
2.18.233.180
2.18.234.21
2001:678:cb4:bbbb::11
213.155.156.166
216.58.212.162
2600:9000:206f:600:0:5c46:4f40:93a1
2600:9000:215d:e200:6:44e3:f8c0:93a1
2600:9000:215d:f800:2:9275:3d40:93a1
2606:4700:10::6816:1957
2606:4700:3037::6815:fad
2607:f8b0:4000:814::2003
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2620:1ec:21::14
2a00:1288:110:c305::8000
2a00:1450:4001:2a::8
2a00:1450:4001:800::2003
2a00:1450:4001:80e::2006
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:811::2004
2a00:1450:4001:811::2008
2a00:1450:4001:811::200e
2a00:1450:4001:813::2001
2a00:1450:4001:813::2002
2a00:1450:4001:827::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::2004
2a00:1450:400c:c07::8a
2a00:1450:400c:c0d::9c
2a02:fa8:8806:16::1370
2a03:2880:f03d:12:face:b00c:0:2
3.121.70.57
3.136.53.133
3.91.110.183
34.98.107.212
35.173.160.135
35.186.193.173
35.201.96.126
35.244.174.68
37.157.4.24
52.209.246.140
52.30.186.230
52.57.230.211
52.95.124.165
54.154.113.1
54.74.23.153
66.155.71.25
69.173.144.139
69.173.144.165
72.21.206.140
77.243.60.138
85.114.159.118
01864580e1f385dc4512aed0de4b324cc1a04812709e7020e857612fc0ce9f4c
03fa924099182c607c33fb7877f50e7de0ae3522e1bcff8f7247ae5e88a2b25b
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e2cf736811fb42637e5a38f944244e93de5d0715ad0249716b6222d19d17dae
0e4d3f3445e3a29793cfea20a36e8b23a8f56b88c05a50d1c83ae410fb72fced
0f214157c74585a6a07c2d7beaaa318068b4e5a4697bcb9952c5a9b4b54e1520
121759a5685d646154007f118926d313bf782423aeab37ffd16de5c183c0d6d0
1638f274e5791d3814ad4ba4e1c229015d6023e0e9b6d7c0ec906cbb3358a5d9
172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d
178f058426830d14a05750625b5f6750efc3cb905e25899209cde01fcd4877af
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
19812f977bcab06dbfb2598bcb172cd919e1ba52cae8a6f60b33968fbd50b3d6
19d350a23f46ee2c61e56905e3f24c9c829204c49e2052554358330f7970b6bb
19f9f1d89394148453c31fa1b22c55b46687eb6dcb47ac01a5f7e7656aa43f6c
1a4aff293b2e8e1bddee4ae19e065a4ba43dc1f40bc6851b6501d76aba3b102e
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1d77f1857d13f4f1ba3f5af594e669146b07c8cddfb9e8ebd66c217f62d50b19
204f07f3fdb4b724f817614f493ede02272a0621eed615f1cd3556fc78d5f88d
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838
3143145c4a165c8481f6c7c3b7488069c45fead97d7b6cc8f2f5187d9ff0dc38
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3b232d2d8db1494df82982150951c2c27488d8cba66f1dd0a11f99034117dce3
3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3ca8d7a9f4ff5f8b4fbdc361a9a62b7e59518751f332a65ed290ef5c86d62f82
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f8a0180f1faf6374a1d4fa3cb72d63d223fa6e139d1d854eb0b250be56dbfe7
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41f3222c29889fb48f5dca1d481858e5339a759655510c256ef4edf56c80f7f5
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4acda90e0e320a5ca3fb7146151c98339708a86deae2d6c04aa542eb06c6033b
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4edf4e4d19fa8ec8abf42e728012fb704a7d8e49a25bbf778b77abd20d90b8ce
4ef414f947bc802bea88d18ae69ca7d56939d81d7df79a7266688a8e1c14b190
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
59c35f54d601301c5ad4ac4d92d0d60f8c09e264cafe2e61a756c059889b6da9
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5d25942b7da85bc7cdb258cdb436227b1de7e3a2b50c61f7d7050eff911f88f1
5d77edb71e1031ff06541a7a2bd05cd3dbc3bfd5434711bae081fc06f8791558
612516365fd01d2eab054b01f74bf049689482adf689d60332447e670ca3d8d5
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c01eb186b97a4eb31c83dd37dea284d5aa0fba9498409dc0335cd0c792f6923
6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2
6fb22a39cc3607d5e14d89ffc077285e091c70cbdb71bc20bf1b1797be9a0906
72eaaf36ecf9e2e0757d5154ce285d44296ee79b32ea122953df2a1133c6f2fb
73339d824e344121a3039b2e0e9c9353fb8132e005bb6d53249814c213520d5d
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
7a13adfcd0d4d1ad9751711847c4875c38549debf944bb85b34dd3c09ab47bc8
7f5a24dcfe7dcebdd7a0528b9b472e9ed77a94720bac3cc6a3ee91bb4441e2d6
8000d797097e74bfff377d2f3fca7e046ee4490ea4edb70c2c0b189575847629
814221921d936293a6dcceebe84bea01d2a40a18be1072d4b216914014532e2a
81ab472b1dce1d9c9963902ee0077de0a2e13d75c8e82a6f38da84e6718ced7d
82f1fbe95dbd4e1128a973db542bf50ab7ac8fbf35bfefca2e782b0a0572e564
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83c6bdb6c54b2fb90a204cf0279e2d868513572d0963ec534083902c1307844b
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429
89ce08431545cd3c6d42419d99ee0152027a68c1d0c7c82838cc9a51d9d52451
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
911ab7e37e6c5f99c9abd4681ce46812477ec1cda52e235ad3c6b297c2681422
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9e5a3984c873d9f7009795b85f0d9bfa38e8f9dddc2309d83556aea4d7ee41a0
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a11f48b87a3c4be2196d0b13aca9e2517746dc847d0531d4e4fa6e8545a3eab0
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7
aabef6fdf6754720952bba161391163f9b54dcd8302f64c85746a92c5aa8bae7
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
ad309904b3882d0bc665ba54e6fc9a708e89a6155fdce036c73ab386c80086c1
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
ae28c06365d595f3ebaa60c0955647fd8410dca74a6530e482e8a06b4fbf0a8a
b0209d39595432d762f6ba2a81dc0bffa6a6e1ed9021ba24ffa06c3c7e4bcb02
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b38a921c451be2d94cab9e5d58a914197ed2a00c4a1c2ba421e3e5b34755200d
b563b359f3e9603a430426bfc3a0ce01463c44f0b93b5eb357f157b51393b57f
b5b714db37b15f12751494535f3b0010aa0bcaa9db892dafaba7ae356e86187c
bbc688ea0af0051ff5a2e638a07cc36980f10deef3e1d0bdd069811768c6fe30
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c5dec046e34be07896b049576ab815e325858284addd14fb16f61f7b1c119378
c92fded78b78e33ed04f2afa01045ef08f5b7bee1d4e22420faf621b1111a5b3
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d36998265578b1657d38d960ab7940b23e0e4c79ecb4709132768f1e14f61e73
d3818d9ae0f05f83634e9e490679532367015c1989fc539c99c0913b656d4941
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
ded1460ee944d899efb0142c9acf24aadb4633a3085d4355a769b93393796947
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3999ebe18f28ba6a3e1156095d2f0fea666be5c573424025f3ef573ce890d05
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e413a831d66905df2d4938796ae271fd0c172709e20a50199d927eb4b7aad97e
e47eca73d4f42cce27c15cbff1e6b28a6716616c71f893d912ae941b37460998
ec95a631650981cd2ff2eecd07118042dee23fc0a3fd6ed70926fa3d94e4e5d3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f028005ddb70b89e43a3f9256aaf0d47bd4565fb5099a53211941b87bedb0d10
f0c7a618175b47f314a02a2b8a2858d200a95ad088527eed5ec0090fd03e075c
f1c022aff023cba27a95c593e440595dfb6f16413a18483866e74a56e2563db5
f48a8c7ae378de608399b5c6874dd10eda599ea4bb8e53dcc667381a04e24e93
f4f2c0a4763f01ee2b13b4f8189e6fd5f32bd704d71fed8d0f11883de9724198
f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
fdf13c893d73c393034346f4a66e77e1880ba5d99264b63a1a3a048e43c6327c
ffdbea2a5a9959ea5f9809139a0178c725fa9474a88f1cfe10f702bdb35c3cc0

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

222 Requests

100 %HTTPS

37 %IPv6

58 Domains

90 Subdomains

64 IPs

9 Countries

6295 kBTransfer

11977 kBSize

3 Cookies

12 Outgoing links

Redirected requests

222 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

222
Requests

100 %
HTTPS

37 %
IPv6

58
Domains

90
Subdomains

64
IPs

9
Countries

6295 kB
Transfer

11977 kB
Size

3
Cookies

222 HTTP transactions
0 data transactions