securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/MBE9JJENv7
Effective URL:
https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Submission: On December 13 via api (December 13th 2021, 2:52:06 pm UTC) from US — Scanned from DE

Summary HTTP 445 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 107 IPs in 12 countries across 95 domains to perform 445 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 24th 2021. Valid for: a year.

This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
45	2001:8d8:100f... 2001:8d8:100f:f000::289	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:205... 2600:9000:2057:8600:3:c04e:c780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	13.32.22.86 13.32.22.86	16509 (AMAZON-02) (AMAZON-02)
20	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
13	68.183.31.14 68.183.31.14	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
10	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
3	3.127.253.208 3.127.253.208	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:206... 2600:9000:206f:3800:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
13	23.58.216.132 23.58.216.132	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
3	2606:4700:20:... 2606:4700:20::ac43:4671	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	3.120.52.200 3.120.52.200	16509 (AMAZON-02) (AMAZON-02)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 3	51.75.146.199 51.75.146.199	16276 (OVH) (OVH)
4 7	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
3 5	185.33.221.53 185.33.221.53	29990 (ASN-APPNEX) (ASN-APPNEX)
7	157.245.94.128 157.245.94.128	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 18	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
4	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
4	35.156.230.193 35.156.230.193	16509 (AMAZON-02) (AMAZON-02)
2 10	216.52.2.30 216.52.2.30	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
8	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
4	2602:803:c003... 2602:803:c003:200::51	26667 (RUBICONPR...) (RUBICONPROJECT)
4	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
4	34.107.148.139 34.107.148.139	15169 (GOOGLE) (GOOGLE)
3	18.185.195.105 18.185.195.105	16509 (AMAZON-02) (AMAZON-02)
4	185.86.138.122 185.86.138.122	201081 (SMARTADSE...) (SMARTADSERVER)
2	18.156.195.47 18.156.195.47	16509 (AMAZON-02) (AMAZON-02)
5	34.102.149.62 34.102.149.62	15169 (GOOGLE) (GOOGLE)
1 2	5.178.65.245 5.178.65.245	50673 (SERVERIUS-AS) (SERVERIUS-AS)
32	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1 1	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
4	46.249.52.248 46.249.52.248	50673 (SERVERIUS-AS) (SERVERIUS-AS)
3	5.178.65.253 5.178.65.253	50673 (SERVERIUS-AS) (SERVERIUS-AS)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 6	3.228.116.73 3.228.116.73	14618 (AMAZON-AES) (AMAZON-AES)
1 3	162.55.236.225 162.55.236.225	24940 (HETZNER-AS) (HETZNER-AS)
1 1	23.79.143.124 23.79.143.124	16625 (AKAMAI-AS) (AKAMAI-AS)
4	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
6	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 9	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
18	2606:4700:10:... 2606:4700:10::ac43:db6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
3 4	37.157.2.238 37.157.2.238	198622 (ADFORM) (ADFORM)
2 2	213.155.156.166 213.155.156.166	1299 (TWELVE99 ...) (TWELVE99 Twelve99)
7	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 3	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
11	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
4 4	52.215.67.233 52.215.67.233	16509 (AMAZON-02) (AMAZON-02)
22 39	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1 1	74.214.196.131 74.214.196.131	19189 (PULSEPOINT) (PULSEPOINT)
1	185.86.139.114 185.86.139.114	201081 (SMARTADSE...) (SMARTADSERVER)
3 3	213.19.147.45 213.19.147.45	26120 (RHYTHMONE) (RHYTHMONE)
3 3	34.194.7.56 34.194.7.56	14618 (AMAZON-AES) (AMAZON-AES)
1 1	23.88.75.189 23.88.75.189	24940 (HETZNER-AS) (HETZNER-AS)
1 1	188.165.4.142 188.165.4.142	16276 (OVH) (OVH)
1	72.251.245.179 72.251.245.179	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	2606:4700:303... 2606:4700:3039::6815:c099	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2a04:4e42:400... 2a04:4e42:400::300	54113 (FASTLY) (FASTLY)
1	151.101.65.44 151.101.65.44	54113 (FASTLY) (FASTLY)
1	195.5.165.20 195.5.165.20	44968 (IPROM-AS) (IPROM-AS)
4 4	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
3	198.47.127.20 198.47.127.20	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
3 3	146.59.148.16 146.59.148.16	16276 (OVH) (OVH)
4 8	34.249.68.36 34.249.68.36	16509 (AMAZON-02) (AMAZON-02)
1 2	169.50.137.184 169.50.137.184	36351 (SOFTLAYER) (SOFTLAYER)
1 2	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
2 3	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1 2	2a05:d018:d29... 2a05:d018:d29:3605:14b1:76c0:1806:81d9	16509 (AMAZON-02) (AMAZON-02)
3 3	18.195.177.130 18.195.177.130	16509 (AMAZON-02) (AMAZON-02)
2 2	18.192.161.141 18.192.161.141	16509 (AMAZON-02) (AMAZON-02)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 2	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	159.65.197.210 159.65.197.210	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	34.102.253.54 34.102.253.54	15169 (GOOGLE) (GOOGLE)
1	54.228.52.99 54.228.52.99	16509 (AMAZON-02) (AMAZON-02)
3 4	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1 2	37.157.2.234 37.157.2.234	198622 (ADFORM) (ADFORM)
1	2600:1f18:659... 2600:1f18:6593:f606:5126:e6b:eab6:7393	14618 (AMAZON-AES) (AMAZON-AES)
2 2	2a05:d018:24:... 2a05:d018:24:b001:be6e:d2d6:b7bf:2108	16509 (AMAZON-02) (AMAZON-02)
3 4	54.228.253.216 54.228.253.216	16509 (AMAZON-02) (AMAZON-02)
1	34.254.143.3 34.254.143.3	16509 (AMAZON-02) (AMAZON-02)
1 1	151.1.205.165 151.1.205.165	3242 (ASN-ITNET) (ASN-ITNET)
2 2	35.201.81.244 35.201.81.244	15169 (GOOGLE) (GOOGLE)
1	89.163.159.109 89.163.159.109	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
3	52.215.164.121 52.215.164.121	16509 (AMAZON-02) (AMAZON-02)
1 1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	52.206.55.189 52.206.55.189	14618 (AMAZON-AES) (AMAZON-AES)
1 2	54.239.37.23 54.239.37.23	16509 (AMAZON-02) (AMAZON-02)
1 1	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	52.18.61.23 52.18.61.23	16509 (AMAZON-02) (AMAZON-02)
1 2	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
1 1	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
4 7	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
3	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	65.9.68.65 65.9.68.65	16509 (AMAZON-02) (AMAZON-02)
1	51.158.28.83 51.158.28.83	12876 (Online SAS) (Online SAS)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1 5	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
4	104.17.120.107 104.17.120.107	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	151.101.193.108 151.101.193.108	54113 (FASTLY) (FASTLY)
1	67.202.105.23 67.202.105.23	32748 (STEADFAST) (STEADFAST)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1 1	204.62.13.72 204.62.13.72	46636 (NATCOWEB) (NATCOWEB)
2 2	72.251.244.142 72.251.244.142	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	20.72.149.136 20.72.149.136	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
8	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
2	52.57.150.20 52.57.150.20	16509 (AMAZON-02) (AMAZON-02)
1 1	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
1 1	2600:9000:211... 2600:9000:211e:f600:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	82.113.101.132 82.113.101.132	6805 (TDDE-ASN1) (TDDE-ASN1)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (AMOBEE) (AMOBEE)
445	107

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 2001:8d8:100f:f000::289 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)

securityaffairs.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:8600:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.22.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-22-86.fra56.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

served-by.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.127.253.208 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-253-208.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:3800:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 23.58.216.132 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-58-216-132.deploy.static.akamaitechnologies.com

lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::ac43:4671 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.52.200 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-52-200.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.75.146.199 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: p12.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 15.197.193.217 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.221.53 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 157.245.94.128 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

prebidserver.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 185.33.221.87 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.162.133.150 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.156.230.193 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-230-193.eu-central-1.compute.amazonaws.com

hb.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 216.52.2.30 (United States) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

pixfuture2-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2602:803:c003:200::51 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.185.195.105 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-195-105.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.86.138.122 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.195.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.102.149.62 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 62.149.102.34.bc.googleusercontent.com

navvy.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.178.65.245 (Woerden, Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.149 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.249.52.248 (Amsterdam, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

u-ams02.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 5.178.65.253 (Woerden, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: i.e-planning.net

s.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.228.116.73 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-228-116-73.compute-1.amazonaws.com

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.55.236.225 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.225.236.55.162.clients.your-server.de

sync.richaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.79.143.124 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-143-124.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.37.42.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.251 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2606:4700:10::ac43:db6 (United States)

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.2.238 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.166 (Uppsala, Sweden) 2 redirects

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-166.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.114.159.93 (Germany) 3 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.2.49 (United States)

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.215.67.233 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-67-233.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 142.250.181.226 (United States) 22 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.214.196.131 (Sunnyvale, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.114 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.45 (United Kingdom) 3 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.194.7.56 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-7-56.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.88.75.189 (Gunzenhausen, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.189.75.88.23.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.165.4.142 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip142.ip-188-165-4.eu

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.245.179 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3039::6815:c099 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::300 (United States) 1 redirects

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.44 (United States)

ASN54113 (FASTLY, US)

match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.5.165.20 (Slovenia)

ASN44968 (IPROM-AS, SI)

core.iprom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.29.132.245 (United Kingdom) 4 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.47.127.20 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 146.59.148.16 (France) 3 redirects

ASN16276 (OVH, FR)
PTR: pikafka-2.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.249.68.36 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-68-36.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.50.137.184 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:f916:5049:f87f:108e (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3605:14b1:76c0:1806:81d9 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.177.130 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-177-130.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.192.161.141 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-161-141.eu-central-1.compute.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.150 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.65.197.210 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.253.54 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 54.253.102.34.bc.googleusercontent.com

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.228.52.99 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-52-99.eu-west-1.compute.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.227.248.159 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.234 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:6593:f606:5126:e6b:eab6:7393 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dmp.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:24:b001:be6e:d2d6:b7bf:2108 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

sync.tidaltv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.228.253.216 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-253-216.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.143.3 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com

loadeu.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.1.205.165 (Milan, Italy) 1 redirects

ASN3242 (ASN-ITNET, IT)

bn01.er.bemail.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.81.244 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 244.81.201.35.bc.googleusercontent.com

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.163.159.109 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

dmp.theadex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.215.164.121 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-164-121.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.206.55.189 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-55-189.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.239.37.23 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.191 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.61.23 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-61-23.eu-west-1.compute.amazonaws.com

obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.180.144 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 69.173.144.139 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.68.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-68-65.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.158.28.83 (Paris, France)

ASN12876 (Online SAS, FR)
PTR: 51-158-28-83.rev.poneytelecom.eu

js.cookieless-data.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.17.120.107 (None, )

ASN13335 (CLOUDFLARENET, US)

biddr.brealtime.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.193.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.23 (United States)

ASN32748 (STEADFAST, US)
PTR: ip23.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.62.13.72 (Clifton, United States) 1 redirects

ASN46636 (NATCOWEB, US)

pixfuture-inv-nyc.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.244.142 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)
PTR: tracking-failover-03.ams2.m6r.eu

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.72.149.136 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.150.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-150-20.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:22::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:f600:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.113.101.132 (Hanau, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.o2online.de

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	doubleclick.net 23 redirects cm.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net	73 KB
47	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	766 KB
45	securityaffairs.co securityaffairs.co	1 MB
42	media.net contextual.media.net lg3.media.net prebid.media.net navvy.media.net	398 KB
35	pubmatic.com 2 redirects hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com image4.pubmatic.com simage4.pubmatic.com	53 KB
27	adnxs.com 6 redirects secure.adnxs.com ib.adnxs.com acdn.adnxs.com	87 KB
23	pixfuture.com served-by.pixfuture.com cdn.pixfuture.com prebidserver.pixfuture.com	232 KB
18	zeotap.com spl.zeotap.com mwzeom.zeotap.com	5 KB
17	rubiconproject.com 5 redirects fastlane.rubiconproject.com secure-assets.rubiconproject.com eus.rubiconproject.com pixel-eu.rubiconproject.com token.rubiconproject.com pixel.rubiconproject.com	28 KB
13	wp.com i0.wp.com i1.wp.com stats.wp.com i2.wp.com pixel.wp.com	281 KB
10	lijit.com 2 redirects ap.lijit.com	4 KB
9	crwdcntrl.net 4 redirects sync.crwdcntrl.net bcp.crwdcntrl.net tags.crwdcntrl.net	16 KB
9	casalemedia.com 3 redirects ssum.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com	10 KB
9	e-planning.net 1 redirects ads.us.e-planning.net u-ams02.e-planning.net s.e-planning.net	17 KB
9	openx.net pixfuture2-d.openx.net rtb.openx.net u.openx.net	1 KB
8	2mdn.net s0.2mdn.net	253 KB
8	google.com 1 redirects adservice.google.com www.google.com	2 KB
8	yahoo.com 4 redirects c2shb.ssp.yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com cms.analytics.yahoo.com	4 KB
7	adsrvr.org 4 redirects match.adsrvr.org	3 KB
6	adform.net 4 redirects c1.adform.net dmp.adform.net	3 KB
6	audrte.com 3 redirects a.audrte.com	5 KB
6	sharethis.com ws.sharethis.com platform-api.sharethis.com l.sharethis.com buttons-config.sharethis.com	51 KB
5	mathtag.com 5 redirects sync.mathtag.com pixel.mathtag.com	3 KB
5	smartadserver.com prg.smartadserver.com rtb-csync.smartadserver.com	1 KB
5	33across.com ssc.33across.com ssc-cms.33across.com	763 B
5	criteo.com 1 redirects gum.criteo.com mug.criteo.com dis.criteo.com	2 KB
4	brealtime.com biddr.brealtime.com	5 KB
4	amazon-adsystem.com 2 redirects aax-eu.amazon-adsystem.com s.amazon-adsystem.com	3 KB
4	krxd.net 1 redirects beacon.krxd.net usermatch.krxd.net	1 KB
4	demdex.net 3 redirects dpm.demdex.net	3 KB
4	tapad.com 3 redirects pixel.tapad.com	2 KB
4	bidr.io 4 redirects match.prod.bidr.io	2 KB
4	emxdgt.com hb.emxdgt.com	637 B
4	sonobi.com apex.go.sonobi.com	3 KB
4	google-analytics.com www.google-analytics.com google-analytics.com	40 KB
3	gstatic.com www.gstatic.com fonts.gstatic.com	55 KB
3	google.de adservice.google.de	1 KB
3	googleadservices.com partner.googleadservices.com	974 B
3	bidswitch.net 3 redirects x.bidswitch.net	2 KB
3	onaudience.com 3 redirects pixel.onaudience.com	1 KB
3	taboola.com 1 redirects trc.taboola.com match.taboola.com	708 B
3	stackadapt.com 3 redirects sync.srv.stackadapt.com	1 KB
3	everesttech.net sync-tm.everesttech.net	320 B
3	adition.com 3 redirects dsp.adfarm1.adition.com	2 KB
3	richaudience.com 1 redirects sync.richaudience.com	744 B
3	sitescout.com 2 redirects pixel.sitescout.com pixel-sync.sitescout.com	816 B
3	sharethrough.com btlr.sharethrough.com	343 B
3	id5-sync.com 1 redirects id5-sync.com	3 KB
2	eyeota.net ps.eyeota.net	2 KB
2	m6r.eu 2 redirects tracking.m6r.eu	1 KB
2	googletagservices.com www.googletagservices.com	74 KB
2	weborama.fr 2 redirects idsync.frontend.weborama.fr	674 B
2	tidaltv.com 2 redirects sync.tidaltv.com	792 B
2	turn.com 2 redirects ad.turn.com d.turn.com	929 B
2	creative-serving.com 2 redirects ads.creative-serving.com	1 KB
2	quantserve.com 1 redirects pixel.quantserve.com cms.quantserve.com	907 B
2	simpli.fi 1 redirects um.simpli.fi	1 KB
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	de17a.com 2 redirects d5p.de17a.com	637 B
2	agkn.com 1 redirects aa.agkn.com	566 B
2	facebook.net connect.facebook.net	83 KB
1	o2online.de portal.o2online.de	609 B
1	smaato.net 1 redirects s.ad.smaato.net	437 B
1	blismedia.com tr.blismedia.com	141 B
1	linkedin.com 1 redirects px.ads.linkedin.com	827 B
1	inmobi.com 1 redirects sync.inmobi.com	911 B
1	admixer.net 1 redirects pixfuture-inv-nyc.admixer.net	538 B
1	cookieless-data.com js.cookieless-data.com	535 B
1	rfihub.com 1 redirects p.rfihub.com	777 B
1	imrworldwide.com 1 redirects obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	215 B
1	bluekai.com 1 redirects tags.bluekai.com	346 B
1	mookie1.com odr.mookie1.com	324 B
1	theadex.com dmp.theadex.com	335 B
1	bemail.it 1 redirects bn01.er.bemail.it	659 B
1	exelator.com loadeu.exelator.com	324 B
1	fwmrm.net dmp.v.fwmrm.net	411 B
1	gumgum.com rtb.gumgum.com	238 B
1	playground.xyz 1 redirects ads.playground.xyz	463 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	534 B
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	iprom.net core.iprom.net	282 B
1	ad4m.at ad4m.at	915 B
1	adgrx.com cm.adgrx.com	408 B
1	erne.co 1 redirects green.erne.co	327 B
1	loopme.me 1 redirects csync.loopme.me	217 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	535 B
1	contextweb.com 1 redirects bh.contextweb.com	488 B
1	onetag-sys.com onetag-sys.com	814 B
1	rlcdn.com api.rlcdn.com Failed id.rlcdn.com
1	facebook.com graph.facebook.com	657 B
1	gravatar.com secure.gravatar.com	1 KB
1	googleapis.com fonts.googleapis.com Failed	1 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
1	googletagmanager.com www.googletagmanager.com	36 KB
1	t.co t.co	662 B
445	95

	Domain	Requested by
45	securityaffairs.co	t.co securityaffairs.co
39	cm.g.doubleclick.net	22 redirects ads.us.e-planning.net googleads.g.doubleclick.net bcp.crwdcntrl.net
32	pagead2.googlesyndication.com	cdn.pixfuture.com pagead2.googlesyndication.com googleads.g.doubleclick.net securityaffairs.co tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
20	contextual.media.net	securityaffairs.co contextual.media.net t.co cdn.pixfuture.com
18	ib.adnxs.com	3 redirects cdn.pixfuture.com spl.zeotap.com ssum.casalemedia.com acdn.adnxs.com googleads.g.doubleclick.net
15	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com s0.2mdn.net
14	mwzeom.zeotap.com	ads.us.e-planning.net spl.zeotap.com
13	lg3.media.net	securityaffairs.co contextual.media.net
13	served-by.pixfuture.com	securityaffairs.co cdn.pixfuture.com pagead2.googlesyndication.com
11	simage2.pubmatic.com	ads.pubmatic.com
10	ap.lijit.com	2 redirects cdn.pixfuture.com
8	s0.2mdn.net	t.co s0.2mdn.net securityaffairs.co
7	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
7	image2.pubmatic.com	ads.pubmatic.com
7	prebidserver.pixfuture.com	cdn.pixfuture.com ads.us.e-planning.net securityaffairs.co
7	match.adsrvr.org	4 redirects cdn.pixfuture.com ssum.casalemedia.com ads.us.e-planning.net
6	dsum-sec.casalemedia.com	2 redirects ssum.casalemedia.com googleads.g.doubleclick.net
6	ads.pubmatic.com	ads.us.e-planning.net ads.pubmatic.com cdn.pixfuture.com
6	a.audrte.com	3 redirects ads.us.e-planning.net a.audrte.com securityaffairs.co
5	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
5	sync.crwdcntrl.net	2 redirects bcp.crwdcntrl.net
5	navvy.media.net	contextual.media.net
5	secure.adnxs.com	3 redirects securityaffairs.co
4	acdn.adnxs.com	cdn.pixfuture.com
4	u.openx.net	cdn.pixfuture.com
4	biddr.brealtime.com	cdn.pixfuture.com
4	pixel.rubiconproject.com	1 redirects ads.us.e-planning.net
4	dpm.demdex.net	3 redirects ssum.casalemedia.com
4	pixel.tapad.com	3 redirects ads.us.e-planning.net
4	sync.mathtag.com	4 redirects
4	match.prod.bidr.io	4 redirects
4	c1.adform.net	3 redirects ads.pubmatic.com
4	spl.zeotap.com	ads.us.e-planning.net ads.pubmatic.com spl.zeotap.com
4	image6.pubmatic.com	2 redirects ads.pubmatic.com spl.zeotap.com
4	eus.rubiconproject.com	ads.us.e-planning.net eus.rubiconproject.com cdn.pixfuture.com
4	u-ams02.e-planning.net	ads.us.e-planning.net ads.pubmatic.com ssum.casalemedia.com
4	prg.smartadserver.com	cdn.pixfuture.com
4	prebid.media.net	cdn.pixfuture.com
4	ssc.33across.com	cdn.pixfuture.com
4	fastlane.rubiconproject.com	cdn.pixfuture.com
4	pixfuture2-d.openx.net	cdn.pixfuture.com
4	hb.emxdgt.com	cdn.pixfuture.com
4	apex.go.sonobi.com	cdn.pixfuture.com
4	hbopenbid.pubmatic.com	cdn.pixfuture.com
4	i1.wp.com	securityaffairs.co
4	i0.wp.com	securityaffairs.co
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	partner.googleadservices.com	pagead2.googlesyndication.com
3	token.rubiconproject.com	3 redirects
3	beacon.krxd.net	spl.zeotap.com ads.us.e-planning.net bcp.crwdcntrl.net
3	bcp.crwdcntrl.net	2 redirects tags.crwdcntrl.net
3	x.bidswitch.net	3 redirects
3	ups.analytics.yahoo.com	2 redirects ssum.casalemedia.com
3	pixel.onaudience.com	3 redirects
3	sync.srv.stackadapt.com	3 redirects
3	sync-tm.everesttech.net	ads.pubmatic.com spl.zeotap.com ads.us.e-planning.net
3	dsp.adfarm1.adition.com	3 redirects
3	sync.richaudience.com	1 redirects ads.us.e-planning.net spl.zeotap.com
3	s.e-planning.net	ads.us.e-planning.net
3	btlr.sharethrough.com	cdn.pixfuture.com
3	id5-sync.com	1 redirects cdn.pixfuture.com securityaffairs.co
3	cdn.pixfuture.com	served-by.pixfuture.com cdn.pixfuture.com securityaffairs.co
3	l.sharethis.com	ws.sharethis.com securityaffairs.co
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	googleads4.g.doubleclick.net	t.co
2	ps.eyeota.net	securityaffairs.co
2	tracking.m6r.eu	2 redirects
2	fonts.gstatic.com	fonts.googleapis.com
2	www.googletagservices.com	googleads.g.doubleclick.net
2	s.amazon-adsystem.com	1 redirects ssum.casalemedia.com
2	aax-eu.amazon-adsystem.com	1 redirects ads.us.e-planning.net
2	idsync.frontend.weborama.fr	2 redirects
2	sync.tidaltv.com	2 redirects
2	dmp.adform.net	1 redirects spl.zeotap.com
2	pixel-sync.sitescout.com	1 redirects bcp.crwdcntrl.net
2	ads.creative-serving.com	2 redirects
2	pr-bh.ybp.yahoo.com	1 redirects ads.pubmatic.com
2	um.simpli.fi	1 redirects ads.pubmatic.com
2	image4.pubmatic.com	ads.pubmatic.com
2	trc.taboola.com	1 redirects spl.zeotap.com
2	sync.1rx.io	2 redirects
2	d5p.de17a.com	2 redirects
2	ssum.casalemedia.com	1 redirects ads.us.e-planning.net
2	ads.us.e-planning.net	1 redirects cdn.pixfuture.com
2	c2shb.ssp.yahoo.com	cdn.pixfuture.com
2	mug.criteo.com	securityaffairs.co
2	gum.criteo.com	1 redirects
2	aa.agkn.com	1 redirects cdn.pixfuture.com
2	pixel.wp.com	securityaffairs.co
2	i2.wp.com	securityaffairs.co
2	connect.facebook.net	securityaffairs.co connect.facebook.net
1	d.turn.com	1 redirects
1	simage4.pubmatic.com	ads.pubmatic.com
1	portal.o2online.de	securityaffairs.co
1	s.ad.smaato.net	1 redirects
1	tr.blismedia.com	googleads.g.doubleclick.net
1	px.ads.linkedin.com	1 redirects
1	sync.inmobi.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	pixfuture-inv-nyc.admixer.net	1 redirects
1	ssc-cms.33across.com	cdn.pixfuture.com
1	www.gstatic.com	googleads.g.doubleclick.net
1	js.cookieless-data.com	s.e-planning.net
1	tags.crwdcntrl.net	s.e-planning.net
1	id.rlcdn.com	ads.us.e-planning.net
1	p.rfihub.com	1 redirects
1	ssum-sec.casalemedia.com	ssum.casalemedia.com
1	obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	1 redirects
1	tags.bluekai.com	1 redirects
1	usermatch.krxd.net	1 redirects
1	pixel.mathtag.com	1 redirects
1	odr.mookie1.com	spl.zeotap.com
1	cms.analytics.yahoo.com	1 redirects
1	dmp.theadex.com	spl.zeotap.com
1	bn01.er.bemail.it	1 redirects
1	loadeu.exelator.com	spl.zeotap.com
1	dmp.v.fwmrm.net	spl.zeotap.com
1	rtb.gumgum.com	ads.pubmatic.com
1	ads.playground.xyz	1 redirects
1	match.adsby.bidtheatre.com	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	ad.turn.com	1 redirects
1	pixel.quantserve.com	1 redirects
1	core.iprom.net	ads.pubmatic.com
1	match.taboola.com	ads.pubmatic.com
1	ad4m.at	ads.pubmatic.com
1	cm.adgrx.com	ads.pubmatic.com
1	green.erne.co	1 redirects
1	csync.loopme.me	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	rtb-csync.smartadserver.com	ads.pubmatic.com
1	bh.contextweb.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	pixel-eu.rubiconproject.com	eus.rubiconproject.com
1	onetag-sys.com	ads.us.e-planning.net
1	secure-assets.rubiconproject.com	1 redirects
1	rtb.openx.net	ads.us.e-planning.net
1	pixel.sitescout.com	1 redirects
1	graph.facebook.com	securityaffairs.co
1	secure.gravatar.com	securityaffairs.co
1	google-analytics.com	securityaffairs.co
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	fonts.googleapis.com	securityaffairs.co googleads.g.doubleclick.net
1	stats.wp.com	securityaffairs.co
1	platform-api.sharethis.com	securityaffairs.co
1	ws.sharethis.com	securityaffairs.co
1	maxcdn.bootstrapcdn.com	securityaffairs.co
1	www.googletagmanager.com	securityaffairs.co
1	t.co
0	api.rlcdn.com Failed	cdn.pixfuture.com
445	151

This site contains links to these domains. Also see Links.

Domain
www.pixfuture.com
unit42.paloaltonetworks.com
www.hikvision.com
www.fortinet.com
i1.wp.com
i2.wp.com
twitter.com
www.facebook.com
www.linkedin.com
www.pinterest.com
plus.google.com
www.tumblr.com
www.cssii.unifi.it

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
www.securityaffairs.co GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-24` - `2022-04-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
sharethis.com Amazon	`2021-07-19` - `2022-08-17`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
*.pixfuture.com Sectigo RSA Domain Validation Secure Server CA	`2021-11-30` - `2022-12-03`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-21` - `2021-12-20`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
*.id5-sync.com R3	`2021-10-05` - `2022-01-03`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.emxdgt.com Amazon	`2021-07-02` - `2022-07-31`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2021-11-26` - `2022-02-24`	3 months	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-14` - `2022-04-06`	6 months	crt.sh
ads.us.e-planning.net R3	`2021-10-09` - `2022-01-07`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.e-planning.net R3	`2021-10-22` - `2022-01-20`	3 months	crt.sh
*.audrte.com Amazon	`2021-01-26` - `2022-02-24`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
onetag-sys.com R3	`2021-11-02` - `2022-01-31`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.iprom.net R3	`2021-10-04` - `2022-01-02`	3 months	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-24` - `2022-02-16`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
*.v.fwmrm.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-29` - `2022-12-30`	a year	crt.sh
*.exelator.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
*.theadex.com AlphaSSL CA - SHA256 - G2	`2021-10-01` - `2022-11-02`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
*.richaudience.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-17` - `2022-03-16`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-17` - `2022-02-09`	6 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2021-04-29` - `2022-05-31`	a year	crt.sh
js.cookieless-data.com R3	`2021-12-08` - `2022-03-08`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.brealtime.com Go Daddy Secure Certificate Authority - G2	`2020-01-22` - `2022-03-22`	2 years	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.eyeota.net R3	`2021-10-26` - `2022-01-24`	3 months	crt.sh
tr.blismedia.com GTS CA 1D4	`2021-10-25` - `2022-01-23`	3 months	crt.sh
*.o2online.de DigiCert TLS RSA SHA256 2020 CA1	`2021-01-19` - `2022-02-19`	a year	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh

This page contains 84 frames:

Primary Page: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Frame ID: 0145331DCA96FAB5E56169B667605A95
Requests: 166 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 3D7F49056CC63F900F69ABF4B7907AB5
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 71811F41D98B0753E038ECFFB2D357A2
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 71DF90A5EFA61264C9B0DC5AC95AE89A
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 49E4061BDE3503362312F72E194BE0B8
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 0501D415A6882A27DD618EF13B63BCCC
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV2109.js
Frame ID: 92450C4D42B3209C8E53CE275A847D34
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV2109.js
Frame ID: 0F91AFC58D0027CB9FBFDD58B7A5F120
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV2109.js
Frame ID: B59E695D30A3AD047D2371C1C9C1638F
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV2109.js
Frame ID: 6B0A024191BC18917F4205DFEF1AB9C3
Requests: 6 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Frame ID: 5A3E89B6EEDCA77916635819BB6631E4
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 54F0FB12A39467E98D6F219D84C29622
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: C3B5BA76E8366F5B30069ACD37635A3A
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: E6A28D03D2AF3E6FE312E7534448D98E
Requests: 8 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Frame ID: 5A611DBC4469C55819FF99B13290B470
Requests: 11 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Frame ID: 4C04DE3664A45F36AC233038954DFE92
Requests: 23 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1
Frame ID: 69CA21F1F58473997A306F5D3D14A053
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: 1A61A12349DA18B3A9277A5FA7C44E19
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361&cmp=0
Frame ID: 888D71F04AEDD5EDE0F64E276BE1815B
Requests: 31 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV2109.js
Frame ID: 31863FAA4CCC1D539225FF47B2281C81
Requests: 6 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6D69887C-9336-45AC-829A-BD8C9192CDDE
Frame ID: BDC08205E2DFD8C4622D78C1CEA5F763
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8851320981600702179
Frame ID: C3ED20378643C7334882BCEADBCB2D95
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 333824A060B347E18E629A6AE5D8FF1B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7041199956690729112
Frame ID: 324A31B94E274A12E41ACB3CDCF6BD70
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D
Frame ID: 4BFED5CFF5D44377157DF2E22326378A
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AADpM07DbrwAAD2Ay7E7rw&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Frame ID: 63FB745C2EB27B748A80DBDEC908B18A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-02ad0771-8184-4086-b8bb-22d0c98bc07e-003
Frame ID: 976C667607DB61911B65162A53C0C385
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=K9kruCFkQVduyzWEf6gP87nVm6I
Frame ID: 08A4637459B6141F62E87681D4E02C8E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: D69C746DC2BA5B3E460D8C8E627D6920
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=SvN2ydZyPx4U0IVwRnltX-b7
Frame ID: 3D46C2688798326DEBF91EF37305F186
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: AE3B57FDF36DB7D90BBA8CE9AB9F35BE
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: 0BAA70A1E70586F308FBE8948FBCC332
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=1dd1433c-db56-418d-98af-cfa22feba923-tuct8b0e38e&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: C2453A231AE166D9B2FCCC4F7C5B5894
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync
Frame ID: E4095C4C77F991AFAEFA4A7B498412EC
Requests: 1 HTTP requests in this frame

Frame: https://u-ams02.e-planning.net/um?dc=a208d9366469aa64&fi=c15c691fe1cf8b15&uid=6D69887C-9336-45AC-829A-BD8C9192CDDE
Frame ID: DD2657DE15E9F3FA65C532AE5DA1A0BE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407118812&bpp=4&bdt=177&idt=222&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&correlator=430915082853&frm=21&ife=1&pv=2&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=752639538&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=3911216124&scr_x=0&scr_y=0&eid=31063793%2C31063825&oid=2&pvsid=2748366020503080&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.n0bplkaqjacx&fsb=1&xpc=OUrJ6fbcVR&p=https%3A//securityaffairs.co&dtd=245
Frame ID: 4C945A33CEA3D1AAABA90913047E2A57
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&fwrn=3&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407118787&bpp=10&bdt=232&idt=290&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&correlator=430915082853&frm=21&ife=1&pv=1&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=360791749&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=896&biw=1600&bih=1200&isw=320&ish=50&ifk=3924086883&scr_x=0&scr_y=0&eid=31063793%2C31063824%2C31063859%2C31062931&oid=2&pvsid=2903718292152668&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.llrpd2i5fq8q&fsb=1&xpc=AMAyRXshbW&p=https%3A//securityaffairs.co&dtd=301
Frame ID: EB2072E1B602FA1950FE419F94BA061D
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php
Frame ID: 89FDB90E10DE19025EED575A4D0ADB13
Requests: 1 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: 14308A53732E7693275D79517DE022B7
Requests: 2 HTTP requests in this frame

Frame: https://prebidserver.pixfuture.com:8000/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AHmF3iijALiurkkB
Frame ID: A1C18909532F0EF091A9BF488F859734
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: DF071FA009DDE55BD24ED17EB21DA77E
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745090&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407119223&bpp=7&bdt=84&idt=101&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&cookie=ID%3D29f0cbdf7a8fad8f-2201eceb06cd00fa%3AT%3D1639407119%3ART%3D1639407119%3AS%3DALNI_MaGMixP8prSAyxDQ9t0TNYnfWrj5g&correlator=430915082853&frm=21&ife=1&pv=1&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=1980667300&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=896&biw=1600&bih=1200&isw=320&ish=50&ifk=3924086883&scr_x=0&scr_y=0&eid=31063858%2C31063866&oid=2&pvsid=4057988921220794&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.9z5nqluhso2i&fsb=1&xpc=N2y8mezyIk&p=https%3A//securityaffairs.co&dtd=106
Frame ID: A7A303438B64DDBCBED1F420269311ED
Requests: 14 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: BE89D299E34BA0FD253E1FD718EF3194
Requests: 2 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 0A1910EDB8816B60C40B45D9246675FA
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 049C5B5846289546A5E247659FE9D106
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C55%2C3012%2C3011%2C3010%2C2040%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C172%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C229%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 0FBFEE2473177E450B8092AA35209AB6
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: 90277D6E7A15119ABE632DE150E6B6E0
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: A549078D525308AD91032986CBC59D6B
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 1EF75373A08262D57BFF09390AC02E6A
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 80303DF2DCE2820349EB2CCFD64C7DFC
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: F3AE6B0F40B5A19BB7A9149CEDF5A3C7
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C55%2C3012%2C3011%2C3010%2C2040%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C172%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C229%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 9A410EC8ABE700A6FFC4F71E16611692
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C55%2C3012%2C3011%2C3010%2C2040%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C172%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C229%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 22D8FE02CCE116238909327629FDED8A
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: E13F2D6ED285706E41BE88730089421C
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 39DC9122F5F24A791555237A3AA6B574
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 7B3A8A3C1CE6D34C34DF5B29FB9E091F
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 73772568C27B8E1A0BC87E7C265A2F14
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 01EC06EE96E445261ACBE475ECE06B53
Requests: 3 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 5140EDF9755AED2479E0185385505385
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: CE717377AF2D309DCB18122C07810BAE
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: EF5498F7F94636DB2D61E7F9E076B563
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 44E483DAEF3DB0F85BFA5CA5281B35E3
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: 4B53B08531817547B6DF61B4377A9B64
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 4091877EBDFC1DEA5BEAC1D1310F73A4
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: B8E85EA0AD87049471795F821BBA4E73
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 5BA09E05583A4388E9C130AE059C287E
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C55%2C3012%2C3011%2C3010%2C2040%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C172%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C229%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 07356C41124EDC11A288A01320522C49
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: 47C382C759A7A73C5C8E7909FC83CB77
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 1480855149058B5128181E4FAB37D1B1
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: FA017E03540C1404E59D1B4998199DA3
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARi_6uioATAB&v=APEucNUfwNmNKdJVDOR1cE2ilLamcn_X50oQZ8oLD8gv-gN0NZRlDKTxjnUhfXpbgwp5u-KPkhkSQJRgtO83msQcf_Dj0Gm6Oekvxw-kiyetDR9370jw4k31cIrRR9dAJ8GmLQld1UsqbtclfOcj-n8iQnstKbM1ddw32177OQMxLF5vm8tdTyoKf003jQ1X0gQJQFjesS4tVk7x8mQkE8IxxWp1pXw-lQ
Frame ID: 1D4686A9175343B486205300AF743AD2
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7C49AE62E6378727FEE458AC58F81BD9
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6F1F3016A3B07E99E9569B901A7F763B
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FC083A3AD597EF4F90FD69ABE655CE71
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D1E1F6D83C4AFA76D6FFF2EC84632B07
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Frame ID: DA28F336600B97906DA7B78EBD7263BC
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/153662122784456704/320x050.html?e=69&leftOffset=0&topOffset=0&c=9Fx83NJjeA&t=1&renderingType=2
Frame ID: 25894252D5084D476F6748C3E2DCD2EB
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F7008594DF65E41431AF3D5C25D65E29
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0278258A05EA50BEFE4F4CB29CA41C13
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0CF0B2E4CA22A17DB82FCEEC840CE068
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 766E7C3E948819D16D058A313BCD4C77
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Frame ID: D30E23A89BAA149C08364A63CF688341
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/banners/300x250.png
Frame ID: D490EEC008605ABEB3F5D60ACCEC64C3
Requests: 1 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/5/c=15238/rand=349152831/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Frame ID: D5B5F624FCF47A2D42BB0E32A6C03493
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Moobot botnet exploits CVE-2021-36260 flaw in Hikvision productsSecurity Affairs

Page URL History Show full URLs

https://t.co/MBE9JJENv7 Page URL
https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html Page URL

Page Statistics

445
Requests

82 %
HTTPS

26 %
IPv6

95
Domains

151
Subdomains

107
IPs

12
Countries

3907 kB
Transfer

7658 kB
Size

132
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://www.pixfuture.com/advertisers/?id0348293521d
Title: Powered by pixfuture

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
Title: was first documented

Search URL Search Domain Scan URL

URL: https://www.hikvision.com/en/support/download/firmware/
Title: firmware updates

Search URL Search Domain Scan URL

URL: https://www.fortinet.com/blog/threat-research/mirai-based-botnet-moobot-targets-hikvision-vulnerability
Title: analysis

Search URL Search Domain Scan URL

URL: https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/12/hikvision-2.png?ssl=1

Search URL Search Domain Scan URL

URL: https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/12/hikvision-moobot-attack-2.png?ssl=1

Search URL Search Domain Scan URL

URL: https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
Title: patch

Search URL Search Domain Scan URL

URL: https://twitter.com/securityaffairs
Title: @securityaffairs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sec.affairs
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html&text=Moobot%20botnet%20spreads%20by%20exploiting%20CVE-2021-36260%20flaw%20in%20Hikvision%20products%20
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&media=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Fwp-includes%2Fimages%2Fmedia%2Fdefault.png

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html

Search URL Search Domain Scan URL

URL: https://www.cssii.unifi.it/vp-89-il-center.html

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/MBE9JJENv7 Page URL
https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 104

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=h55zMnxCeTNldldoYWVJaW4reDhrblR3V0NUOVFvd2tWdGtTZlYyZW5PWkhqRURpMzhUdXRzRXJJQjljOVRSQ2JvMkRGNkpoZVhkcnk2TzB4UlduZGZ0YUFjK3FJVE5kNWdqc09tZXVZTW1wZFVxb0RLTzRna0kwWkRzbkJ4cmdTYi9IQW9SRHVPOG83Y0x4TVBEYjZvYWNpeFFINDBmLzduUXhsak13Y2VrQUFnWlNSOWtJYkJ5U1dFWXEyeC9TTlcvYlVqdjlzblAyMWMzM2hDakZ0QUlab1pGSUU4OFJQYUU1aS9lWnlWcnNhWWh3PXw&cppv=2

Request Chain 108

https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1

Request Chain 109

https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1

Request Chain 185

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID

Request Chain 192

https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Dc15c691fe1cf8b15 HTTP 302
https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=c15c691fe1cf8b15

Request Chain 197

https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3Dc15c691fe1cf8b15 HTTP 302
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F

Request Chain 198

https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Dc15c691fe1cf8b15%26uid%3D%24UID HTTP 302
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=c15c691fe1cf8b15&uid=8877751720064750958

Request Chain 199

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu

Request Chain 202

https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D HTTP 302
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1

Request Chain 213

https://c1.adform.net/serving/cookie/match?party=14&cid=6D69887C-9336-45AC-829A-BD8C9192CDDE HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6D69887C-9336-45AC-829A-BD8C9192CDDE

Request Chain 214

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8851320981600702179

Request Chain 216

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7041199956690729112

Request Chain 218

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEcE0wN0RicndBQUQyQXk3RTdydw&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AADpM07DbrwAAD2Ay7E7rw&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AADpM07DbrwAAD2Ay7E7rw&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AADpM07DbrwAAD2Ay7E7rw&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID

Request Chain 219

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8497520098 HTTP 302
https://sync.1rx.io/usersync/tradedesk/22653919-009f-4f9a-864e-eb4e5e5e19ca HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-02ad0771-8184-4086-b8bb-22d0c98bc07e-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-02ad0771-8184-4086-b8bb-22d0c98bc07e-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-02ad0771-8184-4086-b8bb-22d0c98bc07e-003

Request Chain 220

https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=K9kruCFkQVduyzWEf6gP87nVm6I

Request Chain 221

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

Request Chain 222

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=SvN2ydZyPx4U0IVwRnltX-b7

Request Chain 225

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=1dd1433c-db56-418d-98af-cfa22feba923-tuct8b0e38e&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 228

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bWmIfJM2RayCmr2MkZLN3g%3D%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bWmIfJM2RayCmr2MkZLN3g%3D%3D&google_tc= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 229

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=6f4c61b7-5e0e-4000-b1c1-d9f603b3b255

Request Chain 230

https://pixel.onaudience.com/?partner=214&mapped=6D69887C-9336-45AC-829A-BD8C9192CDDE HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=fcc6b7d9aec90eef210a58a5bcddbe17 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=22653919-009f-4f9a-864e-eb4e5e5e19ca&icm HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=94cc348466ebafa5

Request Chain 231

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NkQ2OTg4N0MtOTMzNi00NUFDLTgyOUEtQkQ4QzkxOTJDRERF&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NkQ2OTg4N0MtOTMzNi00NUFDLTgyOUEtQkQ4QzkxOTJDRERF&gdpr=0&gdpr_consent=&google_tc= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 232

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGQuGlJ061tnhyezwzzSbY8&google_cver=1

Request Chain 234

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&gdpr=0&gdpr_consent=

Request Chain 235

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=22653919-009f-4f9a-864e-eb4e5e5e19ca

Request Chain 236

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=686955697831082021

Request Chain 237

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8877751720064750958&gdpr=0&gdpr_consent=

Request Chain 238

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=yQc-_MpTbK7SUmuvmlRxqMlSaPrSBT3-nlKWEt3B

Request Chain 239

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6D69887C-9336-45AC-829A-BD8C9192CDDE&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6D69887C-9336-45AC-829A-BD8C9192CDDE&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-yOIMZKZE2uVWLZ2dvNonKpG2oMCWnwg-~A&gdpr=0&gdpr_consent=

Request Chain 241

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=1365c82b-edf6-43f3-936a-102b421a5b25 HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=1365c82b-edf6-43f3-936a-102b421a5b25 HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=77f58ace-0989-47ef-92bb-6c269f74c8c6&ssp=pubmatic&expires=30&user_group=5&bsw_param=1365c82b-edf6-43f3-936a-102b421a5b25 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=1365c82b-edf6-43f3-936a-102b421a5b25&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 242

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3405951207433908295&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 244

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

Request Chain 245

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:684377e9-6dec-4e6d-a5e9-7c26fc49d3c0&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 246

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8877751720064750958

Request Chain 251

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361&google_tc= HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESENzO5Yk83u3kC32_oRJmo7Y&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361

Request Chain 252

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=811f9729-98db-4b92-967b-02041522fad0&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361

Request Chain 254

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=22653919-009f-4f9a-864e-eb4e5e5e19ca&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361

Request Chain 258

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361 HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361&s_h=1 HTTP 302
https://mwzeom.zeotap.com/mw?cid=da823595-6cb7-4bfe-b62e-f024360f41e6&zpartnerid=317&gdpr=1&gdpr_consent=

Request Chain 259

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=d3c45572-f3bb-45a6-4f08-50157969e3f9&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=d3c45572-f3bb-45a6-4f08-50157969e3f9&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=41422844723829990031445744553350014138&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361

Request Chain 261

https://bn01.er.bemail.it/zeotap.php?_bid=d3c45572-f3bb-45a6-4f08-50157969e3f9&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=BE1-2021121315-56558-0.709730001639407111-10cbd0b622a0e1e36f4aa91566d585c0&zdid=533&env=mWeb

Request Chain 262

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=7041199956690729112&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361

Request Chain 263

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=d3c45572-f3bb-45a6-4f08-50157969e3f9 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=d3c45572-f3bb-45a6-4f08-50157969e3f9

Request Chain 264

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=d3c45572-f3bb-45a6-4f08-50157969e3f9&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=d3c45572-f3bb-45a6-4f08-50157969e3f9&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361&bounce=1&random=2559819089 HTTP 302
https://mwzeom.zeotap.com/mw?webouuid=0KR94CXwjAL/AggskIq54O&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361

Request Chain 266

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=d3c45572-f3bb-45a6-4f08-50157969e3f9?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=d3c45572-f3bb-45a6-4f08-50157969e3f9?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?pid=fcc6b7d9aec90eef210a58a5bcddbe17&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361

Request Chain 267

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
https://mwzeom.zeotap.com/mw?cid=y-zWAvthpE2ool6GOMIQOQCvR4IZ4npTlRqQ--~A&zpartnerid=570&env=mWeb

Request Chain 268

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=7%2Bfx6CegwCZmDIqWL4SO9ZaPSND78s8Q%2BS41iYitP1U%3D

Request Chain 273

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361

Request Chain 274

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361

Request Chain 275

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=d3c45572-f3bb-45a6-4f08-50157969e3f9&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=d3c45572-f3bb-45a6-4f08-50157969e3f9&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361&dcc=t

Request Chain 276

https://tags.bluekai.com/site/87734?id=d3c45572-f3bb-45a6-4f08-50157969e3f9&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

Request Chain 277

https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361

Request Chain 281

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YbdeDr6Zg-VHPqDI-_eGlQAABJMAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YbdeDr6Zg-VHPqDI-_eGlQAABJMAAAAB&gdpr_consent=&us_privacy=&gdpr=1&google_tc= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEO5B1yGST6msGZAzUe7r7Is&google_cver=1

Request Chain 282

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YbdeDr6Zg.VHPqDI.-eGlQAA HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YbdeDr6Zg.VHPqDI.-eGlQAA&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAGO5U-k1oHdQCeW_6xOPuc&google_cver=1&gdpr=1&google_hm=2

Request Chain 283

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbdeDr6Zg-VHPqDI-_eGlQAABJMAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbdeDr6Zg-VHPqDI-_eGlQAABJMAAAAB&dcc=t

Request Chain 287

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5142336719120101289

Request Chain 290

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Y2Y0N2IyN2JlYjhhMGM4NmMxMTlmMTA1NDczYTU2MjlmMGQwNWFlNg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Y2Y0N2IyN2JlYjhhMGM4NmMxMTlmMTA1NDczYTU2MjlmMGQwNWFlNg&google_tc=

Request Chain 291

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g0U080RTUtMjItTDZNRg== HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g0U080RTUtMjItTDZNRg==&google_tc=

Request Chain 294

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEN0fgGMv3k0WVXZa4nrvhZU&google_cver=1

Request Chain 295

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&expires=28

Request Chain 297

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/ocdlAD0y8FEbJ4Hviv1khMn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7765981465656487839

Request Chain 309

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745092&pi=t.ma~as.Internal_300x250_0._&w=300&fwrn=3&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407118848&bpp=4&bdt=232&idt=248&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&correlator=430915082853&frm=21&ife=1&pv=1&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=1876468440&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3222&biw=1600&bih=1200&isw=300&ish=250&ifk=3515594697&scr_x=0&scr_y=0&eid=31063793%2C31063246%2C31062931&oid=2&pvsid=3563385897914018&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lhhzhtowcjxd&btvi=1&fsb=1&xpc=hNBDY37V4l&p=https%3A//securityaffairs.co&dtd=256 HTTP 302
https://served-by.pixfuture.com/www/delivery/afr.php

Request Chain 378

https://pixfuture-inv-nyc.admixer.net/adxcm.aspx?gdpr=&gdpr_consent=&us_privacy=&redir=1&rurl=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Dadmixeropenrtb%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24%24visitor_cookie%24%24 HTTP 302
https://prebidserver.pixfuture.com:8000/setuid?bidder=admixeropenrtb&gdpr=&gdpr_consent=&f=i&uid=7e215b60286842349376b570ea57da0d

Request Chain 380

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEBX1_-BAVI0wt_EPW7Aeg0c&google_cver=1&google_push=AYg5qPKywRWpmZqIA8B60S4s3pCyMbCPaTONdkMoEYDng3wPH8haxMoJ6zENTto7qNbOvG1LiWdOnWpwMOa0nRtuHrWsDAqro-_BZg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA0MTE5OTk1NjY5MDcyOTExMg%3D%3D&google_push=AYg5qPKywRWpmZqIA8B60S4s3pCyMbCPaTONdkMoEYDng3wPH8haxMoJ6zENTto7qNbOvG1LiWdOnWpwMOa0nRtuHrWsDAqro-_BZg

Request Chain 381

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEPaRYL4sK96l-ki26SYxMpw&google_cver=1&google_push=AYg5qPK5pAo2eLE_6syZYYCEmCwb3a6dn4KIlw_shrsVbeA3F0uDn3ATCOQoTq-Qf9VNpZ2kyHrigxMZMCsF4X888qZ_uE9ysPlrtA HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEPaRYL4sK96l-ki26SYxMpw&google_cver=1&google_push=AYg5qPK5pAo2eLE_6syZYYCEmCwb3a6dn4KIlw_shrsVbeA3F0uDn3ATCOQoTq-Qf9VNpZ2kyHrigxMZMCsF4X888qZ_uE9ysPlrtA&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=cJLLszGq1ob5gbhX8s_iMg&google_push=AYg5qPK5pAo2eLE_6syZYYCEmCwb3a6dn4KIlw_shrsVbeA3F0uDn3ATCOQoTq-Qf9VNpZ2kyHrigxMZMCsF4X888qZ_uE9ysPlrtA

Request Chain 382

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEErhmlgPqXYoxW4FRk4ApuY&google_cver=1&google_push=AYg5qPKsi7uou0y7VfLnEYB9IjJ-o5VP81xE62OqgKV6pV0W8LpRy7FXwawgm14ZTHxtNaKOwc5bgQgIS6XvERgR3lq8DQ_ZWjCZGA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bWmIfJM2RayCmr2MkZLN3g%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKsi7uou0y7VfLnEYB9IjJ-o5VP81xE62OqgKV6pV0W8LpRy7FXwawgm14ZTHxtNaKOwc5bgQgIS6XvERgR3lq8DQ_ZWjCZGA

Request Chain 383

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEEXw4Qb8BJSD8_cn9O79i14&google_cver=1&google_push=AYg5qPKNFLtGeFj1F7hVi19i71iXS0Eop1c2m5ajOhgMS_Y-QuDAXjfgJwKFULmM7HuAPiTmxsYNqJz0RIDE4_ipSyu1ugUo1OXt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=K9kruCFkQVduyzWEf6gP87nVm6I&google_push=AYg5qPKNFLtGeFj1F7hVi19i71iXS0Eop1c2m5ajOhgMS_Y-QuDAXjfgJwKFULmM7HuAPiTmxsYNqJz0RIDE4_ipSyu1ugUo1OXt

Request Chain 384

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHt3q0YJNVqxTYCSXXfkUOE&google_cver=1&google_push=AYg5qPJUT83xyenRBT5XMe5WROyWgQ5nvj2LapnNSpHeLmxtimBIigF0Sne-xqOEILS65MfoHp4Cre_un7JmvlPpHNUombTmja-nGQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g0U080RTUtMjItTDZNRg==&google_push=AYg5qPJUT83xyenRBT5XMe5WROyWgQ5nvj2LapnNSpHeLmxtimBIigF0Sne-xqOEILS65MfoHp4Cre_un7JmvlPpHNUombTmja-nGQ

Request Chain 385

https://sync.inmobi.com/gob?google_gid=CAESEAZoeKdH-hTKTejVCokPM-A&google_cver=1&google_push=AYg5qPKKxLA3m1blqcpbZRmcUuX3X68Z3TfImk-YfcboW9g467YMYFGX7Zk1vWPZE9EALyFlJqSqhVl_Sry1zcAruejf7XRKaUepTVE HTTP 302
https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26gdpr_consent%3D%26gdpr%3D&gdpr_consent=&gdpr= HTTP 302
https://id5-sync.com/c/495/0/0/1.gif?gdpr=1&gdpr_consent=

Request Chain 387

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 388

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENaIhVBelTsSWf61r3bGTf8&google_cver=1

Request Chain 389

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbdeDr6Zg.VHPqDI.-eGlQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENaIhVBelTsSWf61r3bGTf8&google_cver=1&google_hm=2

Request Chain 390

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECelUDk-EL8H9V0RTpZOx88&google_cver=1

Request Chain 391

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3Nzc1MTcyMDA2NDc1MDk1OA%3D%3D

Request Chain 396

https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/a?adform_uid=686955697831082021 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=&google_gid=CAESEFUsCklILvDj4eQX0EPGVH8&google_cver=1 HTTP 302
https://ps.eyeota.net/match?bid=kh51m51&uid=c2hPhaoFXkyQbG-mHz7ZBzgWQ&gdpr=0&gdpr_consent=

Request Chain 398

https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=c2hPhaoFXkyQbG-mHz7ZBzgWQ&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=c2hPhaoFXkyQbG-mHz7ZBzgWQ&gdpr=0&gdpr_consent=&google_gid=CAESEFUsCklILvDj4eQX0EPGVH8&google_cver=1 HTTP 302
https://a.audrte.com/p

Request Chain 405

https://um.simpli.fi/gp_match?google_gid=CAESEIa0u0wTgOsj0aW5P2rILlg&google_cver=1&google_push=AYg5qPIm85TgIJ7sVrwXt5YgkuJzRifj49Hx6B5d-h2tUoHJNxxe7rsbk4WQKhCuWdAgSHj2trZad_yf3YndPawXBsZL8zemtw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFF88AA1811B4641851BEAA2ED49BFE9&google_push=AYg5qPIm85TgIJ7sVrwXt5YgkuJzRifj49Hx6B5d-h2tUoHJNxxe7rsbk4WQKhCuWdAgSHj2trZad_yf3YndPawXBsZL8zemtw

Request Chain 406

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEEbDOjsaM9IVe6Audfx02vk&google_cver=1&google_push=AYg5qPK5-39IHsipK9Lfys44soV7xpXuWk2_2VWIwqR_2Yzagfg1-j0cc4S1LFTeSr5ooEFfGfAEOUMuKbHDnuadqMzTMEs5eaE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPK5-39IHsipK9Lfys44soV7xpXuWk2_2VWIwqR_2Yzagfg1-j0cc4S1LFTeSr5ooEFfGfAEOUMuKbHDnuadqMzTMEs5eaE

Request Chain 408

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEAm6GYDtN33nlKFl7OVsaIQ&google_cver=1&google_push=AYg5qPKSaAMP7acpEcRlSJOdF8O6wtt5NFX_jzDM0d8D4WbU7lN_6YkWCu-lnmrxCo9bUdbRlyp-k4qE1j8cE_HxOMSGLBWQQyU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bWmIfJM2RayCmr2MkZLN3g%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKSaAMP7acpEcRlSJOdF8O6wtt5NFX_jzDM0d8D4WbU7lN_6YkWCu-lnmrxCo9bUdbRlyp-k4qE1j8cE_HxOMSGLBWQQyU

Request Chain 409

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESENDzbUD4s6-_-Y7jBD12KH8&google_cver=1&google_push=AYg5qPKR4yIqvh6QsN8zCKOtTtmEK4P49JHDfX1T8vFlTeX5zId7SXf2lzOOJynfXr4snKWf0etGquI7zX5kSBRyOu9YE0EGeXc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=K9kruCFkQVduyzWEf6gP87nVm6I&google_push=AYg5qPKR4yIqvh6QsN8zCKOtTtmEK4P49JHDfX1T8vFlTeX5zId7SXf2lzOOJynfXr4snKWf0etGquI7zX5kSBRyOu9YE0EGeXc

Request Chain 410

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEFth3YF3lohK6gcMpyNUKrI&google_cver=1&google_push=AYg5qPLXUI6Na8fCr8-xhk9CBku51ULp4Gf45yfRR-wehivxMltkZIf6XmJX97uHTz_i_qofv2eB_AVg1wg-yKX6jawx7tiaNwE HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEFth3YF3lohK6gcMpyNUKrI&google_cver=1&google_push=AYg5qPLXUI6Na8fCr8-xhk9CBku51ULp4Gf45yfRR-wehivxMltkZIf6XmJX97uHTz_i_qofv2eB_AVg1wg-yKX6jawx7tiaNwE&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLXUI6Na8fCr8-xhk9CBku51ULp4Gf45yfRR-wehivxMltkZIf6XmJX97uHTz_i_qofv2eB_AVg1wg-yKX6jawx7tiaNwE&google_hm=91ea6ffaf83d7a3368eb33d4

Request Chain 411

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPFjGKfP9qoeIBu44sXuBDw&google_cver=1&google_push=AYg5qPJHlfZl_cUw7VdU0tY2tEyZQ7_X9u1Bk5X01i5texaJI27bqbrgEZnktO6GN_Am9POmWoLxJDudCiQo7-EnpUGyGGNNpQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJHlfZl_cUw7VdU0tY2tEyZQ7_X9u1Bk5X01i5texaJI27bqbrgEZnktO6GN_Am9POmWoLxJDudCiQo7-EnpUGyGGNNpQ

Request Chain 456

https://dpm.demdex.net/ibs:dpid=121998&dpuuid=fcc6b7d9aec90eef210a58a5bcddbe17&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D HTTP 302
https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=41422844723829990031445744553350014138

Request Chain 459

https://sync.mathtag.com/sync/img?sync=auto&mt_exid=10040&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D4735%26tp%3DMDMA%26tpid%3D%5BMM_UUID%5D HTTP 302
https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e

Request Chain 461

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/fcc6b7d9aec90eef210a58a5bcddbe17/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D HTTP 302
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3405951207433908295

445 HTTP transactions
18 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 MBE9JJENv7
t.co/ 398 B
662 B 148ms
132ms Document
text/html 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/MBE9JJENv7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 13 Dec 2021 14:51:54 GMT
vary: Origin
server: tsa_o
expires: Mon, 13 Dec 2021 14:56:55 GMT
content-type: text/html; charset=utf-8
cache-control: private,max-age=300
content-length: 227
content-encoding: gzip
x-xss-protection: 0
strict-transport-security: max-age=0
x-response-time: 125
x-connection-hash: fb20a20a0071d709bf6bc0e9ee7e494e8f71edd6ebe46743ed02a24c4c2a9fb2

GET
H2 200 Primary Request moobot-botnet-hikvision.html Show response
securityaffairs.co/wordpress/125409/malware/ 95 KB
25 KB 1038ms
999ms Document
text/html 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Requested by: Host: t.co
URL: https://t.co/MBE9JJENv7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: c792a063064d4372ce9947d49d3d4012fe7e703b5ae2382990094ab5c233c0ba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://t.co/

Response headers

content-type: text/html; charset=UTF-8
date: Mon, 13 Dec 2021 14:51:55 GMT
server: Apache
x-pingback: https://securityaffairs.co/wordpress/xmlrpc.php
link: <https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/125409>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=125409>; rel=shortlink
content-encoding: gzip

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 163ms
78ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-59069958-1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

923013054eef1a122e7223144f5989bb905afc34fd55de7100c4b203bba226ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36248
x-xss-protection: 0
last-modified: Mon, 13 Dec 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Dec 2021 14:51:56 GMT

GET
H2 200 style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 91 KB
91 KB 33ms
32ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 175437ab2d5703d39c01d0f479b19f9b1569bfb2cf43dca8cbf30ff962f0f48b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Fri, 23 Jul 2021 22:11:52 GMT
server: Apache
accept-ranges: bytes
etag: "16cb1-5c7d1b0db415e"
content-length: 93361
content-type: text/css

GET
H2 200 mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 11 KB
11 KB 30ms
28ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "2bf8-5b61073af996a"
content-length: 11256
content-type: text/css

GET
H2 200 wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 5 KB
5 KB 34ms
30ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 13 Nov 2019 23:52:08 GMT
server: Apache
accept-ranges: bytes
etag: "1360-597430d7ee92b"
content-length: 4960
content-type: text/css

GET
H2 200 cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 3 KB
3 KB 51ms
47ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.6
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 29 Sep 2021 22:16:12 GMT
server: Apache
accept-ranges: bytes
etag: "c25-5cd29ad8a380c"
content-length: 3109
content-type: text/css

GET
H2 200 cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 28 KB
28 KB 54ms
50ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.6
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1523ddaa632d195a1240668fb5c6870519e3cdfeabd5a346141bcbb03222e2e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 29 Sep 2021 22:16:12 GMT
server: Apache
accept-ranges: bytes
etag: "7045-5cd29ad8a380c"
content-length: 28741
content-type: text/css

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
6 KB 43ms
23ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=a28b0e9b2cdbb1f5240bb81b525eda0e

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617
age: 2826113
cdn-cachedat: 2021-06-08 21:08:57
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e3e393e411938bd4fa9f5d397d6fefc4
cf-ray: 6bd0036f3cba42c9-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 19 KB
20 KB 32ms
28ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 16 Dec 2015 13:54:59 GMT
server: Apache
accept-ranges: bytes
etag: "4d92-52704407f72c0"
content-length: 19858
content-type: text/css

GET
H2 200 tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 539 B
683 B 32ms
29ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "21b-526fe6d7cd700"
content-length: 539
content-type: text/css

GET
H2 200 flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 6 KB
6 KB 54ms
50ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 16 Dec 2015 13:55:09 GMT
server: Apache
accept-ranges: bytes
etag: "1851-5270441180940"
content-length: 6225
content-type: text/css

GET
H2 200 animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 2 KB
2 KB 54ms
24ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "6b4-526fe6d5e5280"
content-length: 1716
content-type: text/css

GET
H2 200 font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 17 KB
18 KB 89ms
55ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "4574-526fe6d5e5280"
content-length: 17780
content-type: text/css

GET
H2 200 swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
5 KB 90ms
56ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "118d-526fe6e527680"
content-length: 4493
content-type: text/css

GET
H2 200 jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 334 B
478 B 98ms
65ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "14e-526fe6d5e5280"
content-length: 334
content-type: text/css

GET
H2 200 screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 110 KB
110 KB 98ms
44ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "1b844-526fe6d7cd700"
content-length: 112708
content-type: text/css

GET
H2 200 custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 12 KB
12 KB 127ms
73ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
content-type: text/css; charset: UTF-8;charset=UTF-8
server: Apache

GET
H2 200 grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 49 KB
50 KB 93ms
39ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 16 Dec 2015 06:58:03 GMT
server: Apache
accept-ranges: bytes
etag: "c5f2-526fe6d6d94c0"
content-length: 50674
content-type: text/css

GET
H2 200 sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 19 KB
19 KB 91ms
41ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=10.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8e6479cd4913a87170eb62978960f57a2966a67fe1ce10ece3cbf9ee4097aa70

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Tue, 02 Nov 2021 22:42:56 GMT
server: Apache
accept-ranges: bytes
etag: "4cb9-5cfd603c190ea"
content-length: 19641
content-type: text/css

GET
H2 200 social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/ 12 KB
12 KB 112ms
62ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=10.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Tue, 02 Nov 2021 22:42:55 GMT
server: Apache
accept-ranges: bytes
etag: "312f-5cfd603af31d5"
content-length: 12591
content-type: text/css

GET
H2 200 frontend-gtag.js Show response
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 28 KB
28 KB 124ms
32ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.js?ver=1639407116
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b0534210815c3c9ee7e1df828e0916d2997bf39db55466c2cb7353e423db4499

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Fri, 12 Nov 2021 22:49:08 GMT
server: Apache
accept-ranges: bytes
etag: "6ffc-5d09f44505588"
content-length: 28668
content-type: application/javascript

GET
H2 200 jquery.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 282 KB
282 KB 126ms
28ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Fri, 23 Jul 2021 22:11:53 GMT
server: Apache
accept-ranges: bytes
etag: "46758-5c7d1b0e12d00"
content-length: 288600
content-type: application/javascript

GET
H2 200 jquery-migrate.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 25 KB
25 KB 142ms
45ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "62d4-5b61073af5aea"
content-length: 25300
content-type: application/javascript

GET
H2 200 cookie-law-info-public.js Show response
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 34 KB
35 KB 118ms
31ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.6
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 7739eefcdee8afcb00fbe9a35cc795fff0cff7092b10d56c4190484d42892433

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 29 Sep 2021 22:16:12 GMT
server: Apache
accept-ranges: bytes
etag: "8960-5cd29ad8a47ac"
content-length: 35168
content-type: application/javascript

GET
H2 200 medianetAdInjector.js Show response
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 562 B
716 B 121ms
33ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Sat, 08 May 2021 23:27:41 GMT
server: Apache
accept-ranges: bytes
etag: "232-5c1d9e407bb22"
content-length: 562
content-type: application/javascript

GET
H2 200 st_insights.js Show response
ws.sharethis.com/button/ 26 KB
8 KB 53ms
8ms Script
application/javascript 2600:9000:2057:8600:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8600:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

149bccf7e467541fc83e870e967ac322b26065e5d6797169c8a677a67db07e60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 23:58:35 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 53601
x-cache: Hit from cloudfront
content-length: 7654
server: nginx/1.20.1
etag: W/"6179dc14-6746"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: FRA6-C1
x-robots-tag: noindex, nofollow
x-amz-cf-id: 5mVB-_9YV9i07kxhtdjBI4PZq4TCbsDpfIPm7yEqmeKcApClvPy1Uw==
expires: Wed, 15 Dec 2021 23:58:35 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 184 KB
41 KB 36ms
8ms Script
text/javascript 13.32.22.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.22.86 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-22-86.fra56.r.cloudfront.net

Software

Resource Hash

444ee2a405e57ede9ef10e17bb58c0351c39e9d21203f242b55a77fd07d30784

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:47:48 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 248
etag: W/"2df1b-sQ5Sn/JpfKxrQLYebTQ3d0yXV0s"
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 aff6ac5c98fa897349204752e5877c81.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: FRA56-C2
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-id: MKHZPgd5-PKkIKmZX2A9TqGqOUTn1qfAIEVaSTYusXxXFy6F91Mkww==

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 159 KB
54 KB 55ms
37ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8d53fc6d842c71696890e115d4f2564114d9fa535d50b1849a6e7bc05b2b15bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-mnt-h: 8-32
content-encoding: gzip
server: Apache
etag: "a9e4a340767106ce6170027d44456533"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Mon, 13 Dec 2021 14:51:57 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-33
expires: Mon, 13 Dec 2021 14:56:57 GMT

GET
H2 200 logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 44 KB
44 KB 24ms
24ms Image
image/png 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 16 Dec 2015 17:30:42 GMT
server: Apache
accept-ranges: bytes
etag: "b0e9-5270743f5f480"
content-length: 45289
content-type: image/png

GET
H2 200 headerbid.js Show response
served-by.pixfuture.com/www/delivery/ 973 B
1 KB 293ms
95ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Tue, 02 Mar 2021 20:36:48 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "603ea1e0-3cd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 973
expires: Wed, 15 Dec 2021 14:51:57 GMT

GET
H2 200 facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 830 B
1 KB 23ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 13 Dec 2021 14:51:57 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:34:29 GMT
server: nginx
etag: "509a053c355d6394"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length: 830
expires: Sat, 11 Jun 2022 08:34:29 GMT

GET
H2 200 twitter.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 12ms
9ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 13 Dec 2021 14:51:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "fbafb4fa36d9fc66"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length: 1082
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 linkedin.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 9ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 13 Dec 2021 14:51:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "8daaaf021369fdba"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length: 1184
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 37ms
19ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

63969f17db234aba40cccf5e4831784bdce911b186dfacec10efa6242daaedbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: gIB1dfBmBBh0TuRv2M91+w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: oEE5fPCHxfiz/l5rDTS1yUneS+rrDhVBwoUubgwDVQ4Ta2Lq+jGe4X2tQ8Jatb7UP+etyaHQXCCiw+yws9cPgQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 93c93039dd37a9e9e4d335a50c6a551d
x-frame-options: DENY
date: Mon, 13 Dec 2021 14:51:57 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "a78f8491d06d8062e72b69dead93ebf2"
timing-allow-origin: *
priority: u=3,i
expires: Mon, 13 Dec 2021 15:11:22 GMT

GET
H2 200 Apache-Log4j2-RCE.jpg
securityaffairs.co/wordpress/wp-content/uploads/2021/12/ 50 KB
50 KB 33ms
31ms Image
image/jpeg 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2021/12/Apache-Log4j2-RCE.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2918a99471679fcc2d5e894bd19ba00291cc8a0aef8bfd017db1090b1b7a6b2d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Fri, 10 Dec 2021 15:16:49 GMT
server: Apache
accept-ranges: bytes
etag: "c6fd-5d2cc364fc255"
content-length: 50941
content-type: image/jpeg

GET
H2 200 Microsoft-autodesk.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/04/ 5 KB
5 KB 10ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/04/Microsoft-autodesk.png?resize=300%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

668cad8c2067b00d8e27dcad6732e05bebc63ec0b230775dc4395da722615b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 13 Dec 2021 14:51:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Dec 2021 12:42:33 GMT
server: nginx
etag: "b7268c8a321077c3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/04/Microsoft-autodesk.png>; rel="canonical"
content-length: 5246
expires: Sun, 03 Dec 2023 00:42:33 GMT

GET
H2 200 ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 156 KB
157 KB 23ms
23ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1cc4f4c92b087dcaf73fae7b25faeb55c5b3399e5ccf1d8ac5dbc01231fdb61a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Fri, 12 Nov 2021 22:49:14 GMT
server: Apache
accept-ranges: bytes
etag: "2719b-5d09f44b38318"
content-length: 160155
content-type: text/css

GET
H2 200 photon.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 2 KB
2 KB 21ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Tue, 02 Nov 2021 22:42:56 GMT
server: Apache
accept-ranges: bytes
etag: "6e0-5cfd603be358c"
content-length: 1760
content-type: application/javascript

GET
H2 200 jquery.adrotate.clicktracker.js Show response
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 365 B
519 B 20ms
20ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Sun, 05 Sep 2021 22:22:00 GMT
server: Apache
accept-ranges: bytes
etag: "16d-5cb46f619b099"
content-length: 365
content-type: application/javascript

GET
H2 200 ssba.js Show response
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
2 KB 23ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Fri, 12 Nov 2021 22:49:14 GMT
server: Apache
accept-ranges: bytes
etag: "792-5d09f44b509b3"
content-length: 1938
content-type: application/javascript

GET
H2 200 hint.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 987 B
1 KB 24ms
24ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:56 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3db-526fe6e433440"
content-length: 987
content-type: application/javascript

GET
H2 200 jquery.tipsy.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
4 KB 23ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1113-526fe6e433440"
content-length: 4371
content-type: application/javascript

GET
H2 200 jquery.easing.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 23ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1fa1-526fe6e433440"
content-length: 8097
content-type: application/javascript

GET
H2 200 browser.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 23ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "a36-526fe6e33f200"
content-length: 2614
content-type: application/javascript

GET
H2 200 jquery.flexslider-min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 21 KB
21 KB 21ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 16 Dec 2015 13:55:10 GMT
server: Apache
accept-ranges: bytes
etag: "53ae-5270441274b80"
content-length: 21422
content-type: application/javascript

GET
H2 200 waypoints.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 25ms
25ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "1f6c-526fe6e527680"
content-length: 8044
content-type: application/javascript

GET
H2 200 mediaelement-and-player.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 69 KB
70 KB 23ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 16 Dec 2015 13:55:14 GMT
server: Apache
accept-ranges: bytes
etag: "11571-5270441645480"
content-length: 71025
content-type: application/javascript

GET
H2 200 jquery.swipebox.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 11 KB
11 KB 24ms
24ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "2a67-526fe6e433440"
content-length: 10855
content-type: application/javascript

GET
H2 200 jquery.circliful.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 24ms
24ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "c18-526fe6e433440"
content-length: 3096
content-type: application/javascript

GET
H2 200 jquery.smarticker.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 13 KB
13 KB 22ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3225-526fe6e433440"
content-length: 12837
content-type: application/javascript

GET
H2 200 custom.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 12 KB
13 KB 24ms
24ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "31d4-526fe6e33f200"
content-length: 12756
content-type: application/javascript

GET
H2 200 wp-embed.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 3 KB
3 KB 25ms
25ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-embed.js?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
accept-ranges: bytes
etag: "c8e-5826f6315ef61"
content-length: 3214
content-type: application/javascript

GET
H2 200 sharing.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 23 KB
23 KB 23ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: bc29c34d0738c5cb3f96585219667566799d9e142699e982f9406d5b04fa9794

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Tue, 02 Nov 2021 22:42:56 GMT
server: Apache
accept-ranges: bytes
etag: "5a9e-5cfd603c190ea"
content-length: 23198
content-type: application/javascript

GET
H2 200 e-202150.js Show response
stats.wp.com/ 9 KB
3 KB 36ms
17ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202150.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 13 Dec 2021 14:51:57 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 04 Dec 2022 22:02:47 GMT

GET
H2 200 twemoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 31 KB
31 KB 30ms
28ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Fri, 23 Jul 2021 22:11:53 GMT
server: Apache
accept-ranges: bytes
etag: "7cdc-5c7d1b0e301c1"
content-length: 31964
content-type: application/javascript

GET
H2 200 wp-emoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 9 KB
9 KB 23ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Tue, 31 Mar 2020 22:49:14 GMT
server: Apache
accept-ranges: bytes
etag: "231d-5a22e608152f1"
content-length: 8989
content-type: application/javascript

GET css
fonts.googleapis.com/ 0
0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 127ms
39ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-59069958-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4623
date: Mon, 13 Dec 2021 13:34:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 13 Dec 2021 15:34:54 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
405 B 57ms
11ms XHR
text/plain 3.127.253.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.127.253.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-253-208.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 14:51:57 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H/1.1 204
No Content log
l.sharethis.com/ 0
380 B 48ms
11ms Image
text/plain 3.127.253.208
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://l.sharethis.com/log?event=ibl&url=https://t.co/&description=Moobot%20is%20a%20Mirai-based%20botnet%20that%20is%20leveraging%20a%20critical%20command%20injection%20vulnerability%20in%20the%20webserver%20of%20some%20Hikvision%20products.%20The%20Mirai-based%20Moobot%20botnet%20is%20rapidly%20spreading%20by%20exploiting%20a%20critical%20command%20injection%20flaw%2C%20tracked%20as%20CVE-2021-36260%2C%20in%20the%20webserver%20of%20several%20Hikvision%20products.%20The%20Moobot%20was%20first%20documented%20by%20Palo%20Alto%20Unit%2042%20researchers%20%5B%E2%80%A6%5D&img_pview=true

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.127.253.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-253-208.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 14:51:57 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 5b71b64b04b9a500117b1015.js Show response
buttons-config.sharethis.com/js/ 30 B
421 B 52ms
13ms Script
text/javascript 2600:9000:206f:3800:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:3800:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
via: 1.1 6165dcc1fdf84ac65e8204c05709f1cb.cloudfront.net (CloudFront)
last-modified: Mon, 13 Aug 2018 16:48:12 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
etag: "e6e1643313740711175f51662a65b42f"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=60,public
accept-ranges: bytes
content-length: 30
x-amz-cf-id: hj5Z0qUS1SQfHefvb0qt6i1PHyYnUqQyYhHxzWfRL34MwLrTc_IIMw==

GET
H2 200 analytics.js Show response
google-analytics.com/ 49 KB
20 KB 144ms
37ms Script
text/javascript 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6927
date: Mon, 13 Dec 2021 12:56:30 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 13 Dec 2021 14:56:30 GMT

GET
H2 200 fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 43 KB
44 KB 21ms
21ms Font
application/font-woff 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 16 Dec 2015 06:58:09 GMT
server: Apache
accept-ranges: bytes
etag: "ad90-526fe6dc92240"
content-length: 44432
content-type: application/font-woff

GET
H/1.1 204
No Content pview
l.sharethis.com/ 0
380 B 14ms
14ms Image
text/plain 3.127.253.208
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1639407117467.90845&hostname=securityaffairs.co&location=%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&refDomain=t.co&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&title=Moobot%20botnet%20exploits%20CVE-2021-36260%20flaw%20in%20Hikvision%20productsSecurity%20Affairs&sop=false&description=Moobot%20is%20a%20Mirai-based%20botnet%20that%20is%20leveraging%20a%20critical%20command%20injection%20vulnerability%20in%20the%20webserver%20of%20some%20Hikvision%20products.%20The%20Mirai-based%20Moobot%20botnet%20is%20rapidly%20spreading%20by%20exploiting%20a%20critical%20command%20injection%20flaw%2C%20tracked%20as%20CVE-2021-36260%2C%20in%20the%20webserver%20of%20several%20Hikvision%20products.%20The%20Moobot%20was%20first%20documented%20by%20Palo%20Alto%20Unit%2042%20researchers%20%5B%E2%80%A6%5D&description=Moobot%20is%20a%20Mirai-based%20botnet%20that%20is%20leveraging%20a%20critical%20command%20injection%20vulnerability%20in%20the%20webserver%20of%20some%20Hikvision%20products.%20The%20Mirai-based%20Moobot%20botnet%20is%20rapidly%20spreading%20by%20exploiting%20a%20critical%20command%20injection%20flaw%2C%20tracked%20as%20CVE-2021-36260%2C%20in%20the%20webserver%20of%20several%20Hikvision%20products.%20The%20Moobot%20was%20first%20documented%20by%20Palo%20Alto%20Unit%2042%20researchers%20%5B%E2%80%A6%5D&img_pview=true

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.127.253.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-253-208.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 14:51:57 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 hikvision-2.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/12/ 149 KB
149 KB 9ms
9ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/12/hikvision-2.png?resize=768%2C269&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

08118b89683f56e1195a7fdd320bf6413aed7b73e2eeb8ccbacd59fcbdbd8108

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 13 Dec 2021 14:51:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 09 Dec 2021 08:02:25 GMT
server: nginx
etag: "0d84b08f312147fe"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2021/12/hikvision-2.png>; rel="canonical"
content-length: 152232
expires: Sat, 09 Dec 2023 20:02:25 GMT

GET
H2 200 hikvision-moobot-attack-2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/12/ 89 KB
89 KB 18ms
17ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/12/hikvision-moobot-attack-2.png?resize=768%2C397&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

3d01dd12e98951af78127f89c1a9e2d7d39d892e1eeb57ec307bf15bf7ff998c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 13 Dec 2021 14:51:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 09 Dec 2021 08:02:25 GMT
server: nginx
etag: "326ae25879606b6b"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2021/12/hikvision-moobot-attack-2.png>; rel="canonical"
content-length: 91334
expires: Sat, 09 Dec 2023 20:02:25 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 81 KB
25 KB 749ms
749ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&kwrf=https%3A%2F%2Ft.co&nse=5&vi=1639407117452963125&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ccf05a4e434715de9af5ef3a4478dee4bafb5e6cda332370afbe0197b2244c8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-9
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 13 Dec 2021 14:51:58 GMT
x-mnt-w: 21-qgr4, 21-7m8s
content-length: 25595
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 3D7F 15 KB
6 KB 97ms
97ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: t.co
URL: https://t.co/MBE9JJENv7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7f08cbc20ce8865c8bd7e4c5a59151895d51d21bc574c5b30d0a5eb235301b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=87601
expires: Tue, 14 Dec 2021 15:11:58 GMT
date: Mon, 13 Dec 2021 14:51:57 GMT
content-length: 5717

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 192ms
16ms Image
image/gif 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1639407117452963125&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=DE&sc=HE&lper=100&wsip=2886994110&r=1639407117565&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=39351&vgd_rakh=1639407117172961648&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0787618973t202112131451&vgd_pgids=1&vgd_uspa=0&hvsid=00001639407117561031177838086517&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:57 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 13 Dec 2021 14:51:57 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 80 KB
25 KB 755ms
754ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6c1d535ae1eb172a8869b52e56802d4f3661cd6a17b32416cceb7382819b7194

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-9
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 13 Dec 2021 14:51:58 GMT
x-mnt-w: 21-wpld, 21-084c
content-length: 25540
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 7181 15 KB
6 KB 87ms
86ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: t.co
URL: https://t.co/MBE9JJENv7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7f08cbc20ce8865c8bd7e4c5a59151895d51d21bc574c5b30d0a5eb235301b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=87601
expires: Tue, 14 Dec 2021 15:11:58 GMT
date: Mon, 13 Dec 2021 14:51:57 GMT
content-length: 5717

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 181ms
15ms Image
image/gif 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1639407117972539389&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=DE&sc=HE&lper=100&wsip=2886994110&r=1639407117582&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=39351&vgd_rakh=1639407117172961648&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0787618973t202112131451&vgd_pgids=2&vgd_uspa=0&hvsid=00001639407117561031177838086517&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:57 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 13 Dec 2021 14:51:57 GMT

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Referer
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 1 KB
1 KB 149ms
6ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 13 Dec 2021 14:51:57 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length: 1186
expires: Mon, 13 Dec 2021 14:56:57 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 80 KB
25 KB 731ms
731ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&kwrf=https%3A%2F%2Ft.co&nse=5&vi=1639407117533436158&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

27137d511f74cacf93119bcbd75466a75edeb9589f56f18c3a660ec66c920078

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-9
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 13 Dec 2021 14:51:58 GMT
x-mnt-w: 21-xsdf, 21-27rj
content-length: 25528
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 71DF 15 KB
6 KB 30ms
29ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: t.co
URL: https://t.co/MBE9JJENv7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7f08cbc20ce8865c8bd7e4c5a59151895d51d21bc574c5b30d0a5eb235301b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=87601
expires: Tue, 14 Dec 2021 15:11:58 GMT
date: Mon, 13 Dec 2021 14:51:57 GMT
content-length: 5717

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 144ms
14ms Image
image/gif 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1639407117533436158&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=DE&sc=HE&wsip=2886994110&r=1639407117619&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=39351&vgd_rakh=1639407117172961648&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0787618973t202112131451&vgd_pgids=2&vgd_uspa=0&hvsid=00001639407117616031177838085349&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:57 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 13 Dec 2021 14:51:57 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 80 KB
25 KB 1135ms
1135ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&kwrf=https%3A%2F%2Ft.co&nse=5&vi=1639407117677767426&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cffd4611075122372141b45312bd25709da53032409b6e3c61137494a9b43331

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-9
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 13 Dec 2021 14:51:58 GMT
x-mnt-w: 21-21ql, 21-wpld
content-length: 25523
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 49E4 15 KB
6 KB 33ms
33ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: t.co
URL: https://t.co/MBE9JJENv7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7f08cbc20ce8865c8bd7e4c5a59151895d51d21bc574c5b30d0a5eb235301b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=87601
expires: Tue, 14 Dec 2021 15:11:58 GMT
date: Mon, 13 Dec 2021 14:51:57 GMT
content-length: 5717

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 138ms
16ms Image
image/gif 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1639407117677767426&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=DE&sc=HE&lper=100&wsip=2886994110&r=1639407117627&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=39351&vgd_rakh=1639407117172961648&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0787618973t202112131451&vgd_pgids=2&vgd_uspa=0&hvsid=00001639407117626031177838089905&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:57 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 13 Dec 2021 14:51:57 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 80 KB
25 KB 606ms
606ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b0c86edaa4a291e472d482d607ca5f16e8d4d55a02c9cace06854f1cd8097b76

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-9
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 13 Dec 2021 14:51:58 GMT
x-mnt-w: 10-9, 10-8
content-length: 25630
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 0501 15 KB
6 KB 33ms
33ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: t.co
URL: https://t.co/MBE9JJENv7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7f08cbc20ce8865c8bd7e4c5a59151895d51d21bc574c5b30d0a5eb235301b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=87601
expires: Tue, 14 Dec 2021 15:11:58 GMT
date: Mon, 13 Dec 2021 14:51:57 GMT
content-length: 5717

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 129ms
15ms Image
image/gif 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1639407117712333202&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=DE&sc=HE&lper=100&wsip=2886994110&r=1639407117635&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=39351&vgd_rakh=1639407117172961648&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0787618973t202112131451&vgd_pgids=2&vgd_uspa=0&hvsid=00001639407117626031177838089905&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:57 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 13 Dec 2021 14:51:57 GMT

GET
H2 200 Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 6 KB
6 KB 8ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 13 Dec 2021 14:51:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "156244085faab7d3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length: 6414
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 logo-center-for-cybersecurity.jpg
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 7 KB
7 KB 8ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 13 Dec 2021 14:51:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "312ff21e46f29f3d"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length: 7482
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 6 KB
6 KB 8ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 13 Dec 2021 14:51:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Dec 2020 07:29:12 GMT
server: nginx
etag: "a6fb49f7a00a0498"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length: 6336
expires: Thu, 15 Dec 2022 19:29:12 GMT

GET
H2 200 securityaffairs-best-european-blog2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/ 10 KB
10 KB 9ms
9ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
x-content-type-options: nosniff
x-bytes-saved: 103276
content-length: 10314
x-nc: HIT hhn 2
last-modified: Tue, 02 Jun 2020 21:29:55 GMT
server: nginx
etag: "c8c3d7b06b174426"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
expires: Fri, 03 Jun 2022 09:29:55 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 7ms
7ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.3&blog=29506073&post=125409&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=https%3A%2F%2Ft.co%2F&fcp=1937&rand=0.37991829565268276
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 13 Dec 2021 14:51:57 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 / Show response
graph.facebook.com/ 244 B
657 B 122ms
39ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

887f4b4bdb8139f091d1ac2fcfb817704b78aa62793a9837b92d7550383d6de9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1004853336
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 181
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: jig3pVHaicbXpUGL0u7/jH6Je48zVw87T9D2JeOyUrHjWXSx4gi+jH/9BJqQDmX5zFYZuXQ/npcU6kWaN/2IvA==
x-fb-trace-id: BgOhgvXtfbT
date: Mon, 13 Dec 2021 14:51:57 GMT
vary: Origin, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AyUyU_zrAD9rlkLtjTUSWwp
cache-control: no-store
facebook-api-version: v5.0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 8ms
8ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.12960046371556477
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 13 Dec 2021 14:51:57 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 286 KB
81 KB 18ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=4f24a446bdebdec98ae97e101d0c7232

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e30e8422e04f3611a397ff94dc8763985e9a8cab1778d524c00e5c12113e009f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: dQKT/zQ9FS+7wk0hrGM9YQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 82696
x-fb-rlafr: 0
x-fb-debug: 2MiZCeWyyiClGg/pUmRnffBgA0liYt4Kj9Bq7xCBxHDx4N3HwnT2N/UU2yDODXRzGHvAJYH3Ijzn4JDf8JQEXA==
x-fb-content-md5: 9c9cb081c4d6c37777dc44559fcb0e39
x-frame-options: DENY
date: Mon, 13 Dec 2021 14:51:57 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "9c1f1a901db5c05c2cf1c23e2e927dbd"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 13 Dec 2022 13:10:11 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 89ms
44ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1535742399&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Moobot%20botnet%20exploits%20CVE-2021-36260%20flaw%20in%20Hikvision%20productsSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=301898641&gjid=1356678709&cid=182916415.1639407118&tid=UA-59069958-1&_gid=247276548.1639407118&_r=1&gtm=2ouc10&did=dNDMyYj&gdid=dNDMyYj&z=143090396

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 86ms
45ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1535742399&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Moobot%20botnet%20exploits%20CVE-2021-36260%20flaw%20in%20Hikvision%20productsSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=2072683857&gjid=1890613819&cid=182916415.1639407118&tid=UA-59069958-1&_gid=247276548.1639407118&_r=1&_slc=1&z=1625067091

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 hb_v2.js Show response
cdn.pixfuture.com/ 33 KB
9 KB 61ms
28ms Script
application/javascript 2606:4700:20::ac43:4671
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/hb_v2.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4671 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 28 Sep 2021 15:09:43 GMT
server: cloudflare
age: 172582
etag: W/"61533037-84f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YmfJF1p5Ynw5WH40Hnrnbvyus%2B9E5BYGnFIzZCPA4cIGT4nFrYl3Pm0lhG9tt5t%2FutXtW4HTdHcXSkJowygLTUbBjouf9HX6n5e3suhRF%2B7UfPlh0K9ymaG9hJ7gm261o0zk8qW8RUghoq4Vd75o"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2678400, no-transform
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bd00375fe7b4ab6-FRA
expires: Mon, 13 Dec 2021 14:55:35 GMT

GET
H2 200 pbix.js Show response
cdn.pixfuture.com/ 423 KB
130 KB 27ms
27ms Script
application/javascript 2606:4700:20::ac43:4671
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/pbix.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4671 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0b015ea0baa3a87937815ea6ba5b35f9cca8b4a0aeaa71974892b290d3eb0da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 23 Aug 2021 13:19:22 GMT
server: cloudflare
age: 172579
etag: W/"6123a05a-69c72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rBvF8icUjejfha%2FRluongJnTJ8IoaTXeTpl3Hu5sN0jHnfbA%2BkoLXXgQ7n7fNhora0VEIGKXC%2BTZkS4cvjCkSIHVyUeucPACjaqlCPoHgYK6FQuYsqterS32nP1PPJlMfUmQoPAmTFFR%2FUKKY11%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2678400, no-transform
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bd003764f504ab6-FRA
expires: Mon, 13 Dec 2021 14:55:35 GMT

GET
H2 200 r.js Show response
aa.agkn.com/adscores/ 0
185 B 29ms
11ms Script
application/javascript 3.120.52.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.52.200 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-52-200.eu-central-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:57 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
content-type: application/javascript
content-length: 0
expires: 0

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 11 KB
12 KB 383ms
191ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=moobot,botnet,exploits,cve202136260,flaw,hikvision,productssecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 9360299eebce7c61288e49c12d38b8ba6e35a81e71af64d313a8d88525feb664

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 15 Dec 2021 14:51:58 GMT

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 9 KB
9 KB 396ms
205ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=moobot,botnet,exploits,cve202136260,flaw,hikvision,productssecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 5a71333a93fd57712bf26341e5189f64e322905aa97d1bb6cba938e70f3d5e40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 15 Dec 2021 14:51:58 GMT

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 9 KB
9 KB 488ms
297ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24270x300x250x4142x_ADSLOT1&keywords=moobot,botnet,exploits,cve202136260,flaw,hikvision,productssecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: d990aff2383d76371c4ad3d4a1aa39d36d2ea4cad513a9026958bc0a80047470

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 15 Dec 2021 14:51:58 GMT

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 9 KB
9 KB 397ms
206ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=moobot,botnet,exploits,cve202136260,flaw,hikvision,productssecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 5a71333a93fd57712bf26341e5189f64e322905aa97d1bb6cba938e70f3d5e40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 15 Dec 2021 14:51:58 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 46ms
15ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://securityaffairs.co
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1386
date: Mon, 13 Dec 2021 14:51:57 GMT
strict-transport-security: max-age=86400; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=h55zMnxCeTNldldoYWVJaW4reDhrblR3V0NUOVFvd2tWdGtTZlYyZW5PWkhqRURpMzhUdXRzRXJJQjljOVRSQ2JvMkRGNkpoZVhkcnk2TzB4UlduZGZ0YUFjK3FJVE5kNWdqc09tZXVZTW1wZFVxb0RLTzRna0kwWkRzbk...

345 B
609 B

52ms
18ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=h55zMnxCeTNldldoYWVJaW4reDhrblR3V0NUOVFvd2tWdGtTZlYyZW5PWkhqRURpMzhUdXRzRXJJQjljOVRSQ2JvMkRGNkpoZVhkcnk2TzB4UlduZGZ0YUFjK3FJVE5kNWdqc09tZXVZTW1wZFVxb0RLTzRna0kwWkRzbkJ4cmdTYi9IQW9SRHVPOG83Y0x4TVBEYjZvYWNpeFFINDBmLzduUXhsak13Y2VrQUFnWlNSOWtJYkJ5U1dFWXEyeC9TTlcvYlVqdjlzblAyMWMzM2hDakZ0QUlab1pGSUU4OFJQYUU1aS9lWnlWcnNhWWh3PXw&cppv=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

37cfec1b7d26d6960ccf8965cad6f3c1e90d5edfe258b4d33ffad59b2c0bb319

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2630
strict-transport-security: max-age=86400; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:57 GMT
location: https://mug.criteo.com/sid?cpp=h55zMnxCeTNldldoYWVJaW4reDhrblR3V0NUOVFvd2tWdGtTZlYyZW5PWkhqRURpMzhUdXRzRXJJQjljOVRSQ2JvMkRGNkpoZVhkcnk2TzB4UlduZGZ0YUFjK3FJVE5kNWdqc09tZXVZTW1wZFVxb0RLTzRna0kwWkRzbkJ4cmdTYi9IQW9SRHVPOG83Y0x4TVBEYjZvYWNpeFFINDBmLzduUXhsak13Y2VrQUFnWlNSOWtJYkJ5U1dFWXEyeC9TTlcvYlVqdjlzblAyMWMzM2hDakZ0QUlab1pGSUU4OFJQYUU1aS9lWnlWcnNhWWh3PXw&cppv=2
strict-transport-security: max-age=86400; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1961
content-length: 482
expires: 0

POST
H/1.1 200 529.json Show response
id5-sync.com/g/v2/ 213 B
536 B 40ms
8ms XHR
application/json 51.75.146.199
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/529.json

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.75.146.199 , France, ASN16276 (OVH, FR),

Reverse DNS

p12.id5-sync.com

Software

Resource Hash

48d363cb5d3e8636be4ebf1fc9e00668fb6c156d32f128b894c9f46fdefe47e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://securityaffairs.co
Date: Mon, 13 Dec 2021 14:51:50 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ 0
0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
544 B 115ms
47ms XHR
application/json 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 290cdfc5405554e88883ba29d0b9b34d30340e68b6b8c1bb57a917907039bd5e

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Wed, 12 Jan 2022 14:51:58 GMT

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1

0
1009 B

24ms
24ms

Script
application/javascript

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 4185cee6-aa17-4752-b880-112981e5ffd5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8078d691-62b0-41ef-9f82-01788859156f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1

0
1009 B

34ms
23ms

Script
application/javascript

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 6ab1d10d-d53e-4aed-bdd1-27ddd99756b8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: a4f670e2-2d1a-49c7-b0f6-ff0ed8d910bd
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK cookie_sync Show response
prebidserver.pixfuture.com/ 620 B
992 B 322ms
101ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/cookie_sync
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 119f16a48ee60048587f6148ccd7b4d166b5f77d22ac11c87d665f5dee82fc78

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 620
Expires: 0

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 173 B
530 B 335ms
116ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 4eb13ed31317bbf2e5369a19414370e17a8bd90862c504657eec6b7fcdd734b5

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 173
Expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
61 B 117ms
70ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 138 B
824 B 52ms
15ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

9c9f3ab5e47f28e9a7f6aa1c6a3f234ff179acb8a7d3bb1459ba834e55d27c51

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: e2570763-4dc4-49f4-af91-a19fb6061742
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 138
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
737 B 116ms
46ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%221047628945dbb2b%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&s=0ee8972d-bfee-44f3-93a6-7ead3cd8cf50&pv=de8948b3-4b1b-43b1-a63d-d727011d619e&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=moobot%2Cbotnet%2Cexploits%2Ccve202136260%2Cflaw%2Chikvision%2Cproductssecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

31e970ace5ddc76018ee488a5d09b1dfa427356cda4f6d45d5ecdd234e3d671d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 204 / Show response
hb.emxdgt.com/ 0
160 B 68ms
26ms XHR
text/plain 35.156.230.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=3000&ts=1639407118220&src=pbjs
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.230.193 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-230-193.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
748 B 141ms
56ms XHR
application/json 216.52.2.30
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 16a4590dcac18c2fefbc631cf48a2b8f8321e33062100bb3f52b2194b9e86999

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 13 Dec 2021 14:51:58 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 73 B
381 B 81ms
40ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=3039b0d9-a646-418a-b4ea-d669119e8cac&nocache=1639407118222&pubcid=f1d4e06d-11bd-4299-b39f-3c45c3be187f&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPW1vb2JvdCxib3RuZXQsZXhwbG9pdHMsY3ZlMjAyMTM2MjYwLGZsYXcsaGlrdmlzaW9uLHByb2R1Y3Rzc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1tb29ib3QsYm90bmV0LGV4cGxvaXRzLGN2ZTIwMjEzNjI2MCxmbGF3LGhpa3Zpc2lvbixwcm9kdWN0c3NlY3VyaXR5LGFmZmFpcnM%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: ca94692f3312412f1b35e13613f61580664f10160e5be7b7290e7fd451f333c3

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 111ms
62ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=3039b0d9-a646-418a-b4ea-d669119e8cac&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5728931790264118
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 07950a09fba7925fd19fb57100b63b44f631f034eacd0226ce5477e34ef0ca28

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
158 B 161ms
116ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 908309ab4bce3ff50d0c47be6a9bc5484ea294b118247eb906dd1ae4d4c394f9

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
751 B 107ms
64ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: d528cc8b301bb63e722aff31e4f02abe2ac17c8ffc021cd1aeb8d6d2ffb48f3d

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 128ms
92ms XHR
text/plain 18.185.195.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.195.105 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-195-105.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 13 Dec 2021 14:51:58 GMT
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 0
326 B 120ms
19ms XHR
application/json 185.86.138.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 172 B
529 B 337ms
119ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 3f6b03eb8e21a3a28aba3faee92d4dace9ed7a9c9bc408ee25e17a21ab4ae96f

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 172
Expires: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 0
326 B 116ms
19ms XHR
application/json 185.86.138.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 65 B
298 B 149ms
111ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 4d1fcf90268b2a4492c24ceac97deb003669751451c534e83f5a1aa57826fe9a

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
115 B 100ms
70ms XHR
text/plain 18.185.195.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.195.105 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-195-105.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 13 Dec 2021 14:51:58 GMT
access-control-allow-credentials: true
vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 140ms
82ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=c606bcc4-b46c-4040-bfce-779eeb9ffcbe&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.39903422941058064
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 5c77f9eb87844fb0b30f369eaa4de51577ca88936a85426353a9082224010d82

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
117 B 75ms
47ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 13 Dec 2021 14:51:56 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
733 B 102ms
48ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2243cf435a84e5292%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&s=87237d54-cd34-4b31-8464-b3e6f134c1e0&pv=de8948b3-4b1b-43b1-a63d-d727011d619e&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=moobot%2Cbotnet%2Cexploits%2Ccve202136260%2Cflaw%2Chikvision%2Cproductssecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

edd780d5731b7dc634109f357152c24775faf80a035ea701691e2320541acfe5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 73 B
145 B 67ms
41ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=c606bcc4-b46c-4040-bfce-779eeb9ffcbe&nocache=1639407118235&pubcid=f1d4e06d-11bd-4299-b39f-3c45c3be187f&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPW1vb2JvdCxib3RuZXQsZXhwbG9pdHMsY3ZlMjAyMTM2MjYwLGZsYXcsaGlrdmlzaW9uLHByb2R1Y3Rzc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1tb29ib3QsYm90bmV0LGV4cGxvaXRzLGN2ZTIwMjEzNjI2MCxmbGF3LGhpa3Zpc2lvbixwcm9kdWN0c3NlY3VyaXR5LGFmZmFpcnM%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: 6d20d8e0c791ee4484bbdbdf04cac495925861496ea0c2727aeed52784c8f6d8

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
748 B 172ms
98ms XHR
application/json 216.52.2.30
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: da649570efe6e0f30e895ffb94119084b91bdb08e9da5c0836ccbe771f800f2d

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 13 Dec 2021 14:51:58 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

POST
H2 204 / Show response
hb.emxdgt.com/ 0
159 B 895ms
870ms XHR
text/plain 35.156.230.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=3000&ts=1639407118236&src=pbjs
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.230.193 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-230-193.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 13 Dec 2021 14:51:59 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
825 B 55ms
29ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

3bcdac4948fc1b805aa0097d6f8f195fbe6f6a96298da66bf6ad6c71dd98d65e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 70f68031-2caa-4824-92f1-98c3d368d464
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
890 B 93ms
61ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 516591b389f99284a8a3cf2c85501080246966a2cb51bdbd87a8e26a717c0640

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 nrrV2109.js Show response
contextual.media.net/4a/ Frame 9245 92 KB
30 KB 35ms
34ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV2109.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b1c4793c00c6995f2393a7bd1e0a6666f6883a10efd9aabefb82495862c1164c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "05546b0e38ab9175cd905eebcc6ebb76"
vary: Accept-Encoding
x-mnet-h: 8-13
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 13 Dec 2021 14:51:58 GMT
content-length: 30276
expires: Mon, 27 Dec 2021 14:51:58 GMT

GET
DATA 200
OK truncated
/ Frame 9245 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 9245 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 9245 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 172 B
529 B 307ms
112ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 0fbca756035a8bff7e839d7451867f1aae73d64b865b0f42b93940e41c0aafed

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 172
Expires: 0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
748 B 181ms
110ms XHR
application/json 216.52.2.30
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 3c02dc9ea15a979bde47f9fbe57900e338b047b697f85a9c566be50e10514d57

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 13 Dec 2021 14:51:58 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
980 B 27ms
27ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

2167552439fde13b52404300959bbd25373d8cb01a7c746f0cbf2e3643ac3ba7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 078354d2-4906-4fe2-8efd-7a2129760bbb
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
149 B 106ms
106ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 292ef2c34596f8931fcda3e68d2ab7daa70fce96be880ca888b0a4d62cc58ec3

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 204 / Show response
hb.emxdgt.com/ 0
159 B 30ms
30ms XHR
text/plain 35.156.230.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=3000&ts=1639407118308&src=pbjs
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.230.193 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-230-193.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 0
326 B 79ms
23ms XHR
application/json 185.86.138.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:57 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 26ms
26ms XHR
text/plain 18.185.195.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.195.105 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-195-105.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 13 Dec 2021 14:51:58 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
293 B 188ms
105ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_300x250&cmd=bid&eidid5-sync.com=0&secure=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 305586eed15677a63571112dd94407c1661f5274d0713bcfae9a47e09c2cedc3

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
content-length: 62

GET
H3 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 73 B
101 B 79ms
47ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=d13a1e0b-4bf3-4bb2-99c7-7c840a0e13d1&nocache=1639407118310&id5id=0&pubcid=f1d4e06d-11bd-4299-b39f-3c45c3be187f&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPW1vb2JvdCxib3RuZXQsZXhwbG9pdHMsY3ZlMjAyMTM2MjYwLGZsYXcsaGlrdmlzaW9uLHByb2R1Y3Rzc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1tb29ib3QsYm90bmV0LGV4cGxvaXRzLGN2ZTIwMjEzNjI2MCxmbGF3LGhpa3Zpc2lvbixwcm9kdWN0c3NlY3VyaXR5LGFmZmFpcnM%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: ab407127b6212a0af9b8f9f834f466e1608e0404bf09420b5026813827289edf

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 148ms
106ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=d13a1e0b-4bf3-4bb2-99c7-7c840a0e13d1&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.0052856537116081626
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: efb8c15457d131f3cc9d6e392d26780d5a23eb1edd33c387c46afee03f146857

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
61 B 131ms
131ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
752 B 193ms
193ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 24f2b9883093f19992b2e40b1b0c4cde2250ae4e5f3b4052030b59f0c22a84fe

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 94 B
732 B 78ms
35ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2282b602f6fc8f0b%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&s=8c01f2a7-9371-4b6a-a1a5-5175a8ad8419&pv=de8948b3-4b1b-43b1-a63d-d727011d619e&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%5D&kw=moobot%2Cbotnet%2Cexploits%2Ccve202136260%2Cflaw%2Chikvision%2Cproductssecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

e772aa4a48d9aa880d51ca1ff7496eda4cc2e9dd8995441af74e7081e5b94ef2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 119
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 172 B
529 B 309ms
109ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 374b3f4b68b062d5f9c7780b6cb07c727eade5b469826bf400526e1dd5487edc

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 172
Expires: 0

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
752 B 78ms
61ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 7ac3f3e3b19e3548f01c98e8baca37d59e1e8ea27f1335f8b153081b36fec423

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 214ms
148ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&eidid5-sync.com=0&secure=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: cdada3f4920654a4d75f1546e78c49e2870da8ce2824a379ef06e7b9e799a18d

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
content-length: 62

POST
H2 204 / Show response
hb.emxdgt.com/ 0
159 B 37ms
20ms XHR
text/plain 35.156.230.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=3000&ts=1639407118320&src=pbjs
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.230.193 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-230-193.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
158 B 180ms
163ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 4068311a5be67615c4d37b625ca8e478035238d3a51d1aa3f74bd2119c1b2e37

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 258ms
199ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=b20a9fce-0661-480b-9508-a2909eaabe0c&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.749797455958545
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 506b662b288239dbf6fe294b75eb30cdd8717b4ea53af6503d60bbf010bb11a8

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 0
326 B 61ms
22ms XHR
application/json 185.86.138.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
61 B 53ms
37ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
980 B 32ms
23ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

6bde25c28ea0240eed31263ee4dbf26feae769e2ab1df92a06aa83608b0c41bd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 50b72319-3eeb-4539-84b2-545f34dac6d9
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 95 B
749 B 183ms
128ms XHR
application/json 216.52.2.30
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 58f70af4fa4e149b0eac1d708737f8d500f60c901f57aa37ea38ed58c3e5d1d9

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 13 Dec 2021 14:51:58 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

GET
H3 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 73 B
101 B 50ms
37ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=b20a9fce-0661-480b-9508-a2909eaabe0c&nocache=1639407118326&id5id=0&pubcid=f1d4e06d-11bd-4299-b39f-3c45c3be187f&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPW1vb2JvdCxib3RuZXQsZXhwbG9pdHMsY3ZlMjAyMTM2MjYwLGZsYXcsaGlrdmlzaW9uLHByb2R1Y3Rzc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1tb29ib3QsYm90bmV0LGV4cGxvaXRzLGN2ZTIwMjEzNjI2MCxmbGF3LGhpa3Zpc2lvbixwcm9kdWN0c3NlY3VyaXR5LGFmZmFpcnM%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: ff7ca5dd273fd26d8e0e001f3d5da345e8ba0ded91494a7ec2dead5b8b2c1ee6

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 96 B
650 B 55ms
34ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22109b5c48f72fde45%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&s=beeca237-3c21-4159-a68d-7a1c8ac0500f&pv=de8948b3-4b1b-43b1-a63d-d727011d619e&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%5D&kw=moobot%2Cbotnet%2Cexploits%2Ccve202136260%2Cflaw%2Chikvision%2Cproductssecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

306077799e243fed89309d0dc36e1916630d54ca941cc5c7645eed34b39136d8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 121
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 85ms
17ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1109
date: Mon, 13 Dec 2021 14:51:57 GMT
strict-transport-security: max-age=86400; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 9245 15 B
397 B 33ms
16ms Script
text/javascript 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001639407117626031177838089905&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRP14dGZsAg3hAaPmCoVvhpaWkPinnH9qKORQ6gd9yKypbKiSqiI5sf6oSi4O5k1SYLPAK3bsnZC_-WmW0jSRoo0%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=kMiBrX4urhH86FdqC2bu3qoYqqur-lBdiiC9CZSbGnES9B-uwsrMvYUX2Y5E71aASsvvH6q7bQQWPpfPS2nMytnXOSTo6KXeWi4WBLC8iJcNNjCu6tNkBEGyAeCkdgxYbDD76BV8lqxxIzYt8ZZkPa34f4tx5vTYm8zlRI7AqqjyTmkojVITL8_WsY1kqJwF6Fy4njP13BezscsOZJykHZoqox-A_re2%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7Cy2SqoJcE0s-9IUO1sSido6Y3VR48iOc4%7CcMzb_KsVZc09A0KvyT3TfszVCgrhB3BXcLRbpdpd8vDu3TTt_Vw53y8_yDIgkf8xNWz8BVsgon4fqe9DP1pTeY_hzfltDpe8AWXgOOwjgXg%3D%7CN7fu2vKt8_s%3D%7CQtZ2xRQGHbI_GBZA5zL2Gmw93bXYXi49QAIANiS2fD2Cb8bEOBrNt8QI89V0SpkbUhwD_hmy6XddYFvAKYG9LqW7K2F7KpoSTWJ7oEJH-Q1tkOAZuopxo5imuSJfCfCit7iVaLWS3lxbDTKMcSfm_tMwPfhAtbiOV9eieH-zSh_h34-5w6EvyG3DUbJpHM6CLYte8CuuR3xwbqAaNIJVXDsEy2mgsDtIHY3JZ0nWmdw%3D%7C&hint=&td=&cc=DE&wsip=2887305235&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=u9oNu9&vgde_setid=Nu9&&rc=0&ksu=207&oref=https%3A%2F%2Ft.co&fdkt=267&kwd[]=Vulnerability%20Assessment%20Scanner&kwt[]=267&kbc[]=139812&kwp[]=1&kid[]=30219595&kbc2[]=rps%3D1.05%7C%7Cps%3D0.562%7C%7Crpc%3D0.45%7C%7Clvl%3D1.64&ktd[]=274894815488&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=244&kbc[]=1204776014&kwp[]=2&kid[]=330029440&kbc2[]=rps%3D3.02%7C%7Cps%3D0.551%7C%7Crpc%3D0.61%7C%7Clvl%3D1.29&ktd[]=274894815488&kwd[]=Cyber%20Security%20Risks&kwt[]=267&kbc[]=139812&kwp[]=3&kid[]=68172917&kbc2[]=rps%3D0.59%7C%7Cps%3D0.562%7C%7Crpc%3D0.91%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Firewall%20Internet%20Security&kwt[]=244&kbc[]=1204776014&kwp[]=4&kid[]=10910457&kbc2[]=rps%3D2.31%7C%7Cps%3D0.551%7C%7Crpc%3D0.88%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=IT%20Security%20Audit&kwt[]=267&kbc[]=139812&kwp[]=5&kid[]=15501232&kbc2[]=rps%3D0.46%7C%7Cps%3D0.562%7C%7Crpc%3D0.59%7C%7Clvl%3D1.17&ktd[]=824650629376&rand=1639407118342&cid=8CU5BD6EW&vwid=1639407117712333202&vi=1639407117712333202&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1639407117172961648&vgd_l1rhst=contextual.media.net&vgd_lhl=967&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D2%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1639407117633&upk=1639407118.22680&hvsid=00001639407117626031177838089905&verid=3121199&kbbq=%26sde%3D1%26adepth%3D2%26ddepth%3D1%26asn%3D39351&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=100&vgd_pgid=p0787618973t202112131451&matm=1639407118348&vgd_ltime=717&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D39351&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_refdomain=t.co&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2887305234&vgd_nrrsf=nrr&vgd_nrrv=2109&vgd_nrrs=2109&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-647633027%7CDIV&vgd_x_pos=980&vgd_y_pos=467&vgd_ren_page_h=4546&vgd_cty=FRANKFURT&vgd_l1hcsd=A32%7C8179&vgd_sethcsd=N9%7C8204&vgd_cfud=210701&vgd_is_amp=0&vgd_icat=599&vgd_spcat=-1&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&oRurl=http%3A%2F%2Fcdn3e%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1639407117712333202%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D647633027%26vpf%3D000%26kwrf%3Dhttps%253a%252f%252ft.co%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f125409%252fmalware%252fmoobot-botnet-hikvision.html%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_crefurl=https://t.co/&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV2109.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:58 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 13 Dec 2021 14:51:58 GMT

POST
H2 200 log
navvy.media.net/ Frame 9245 35 B
207 B 224ms
172ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV2109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H2 200 nrrV2109.js Show response
contextual.media.net/4a/ Frame 0F91 92 KB
30 KB 25ms
19ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV2109.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b1c4793c00c6995f2393a7bd1e0a6666f6883a10efd9aabefb82495862c1164c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "05546b0e38ab9175cd905eebcc6ebb76"
vary: Accept-Encoding
x-mnet-h: 8-13
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 13 Dec 2021 14:51:58 GMT
content-length: 30276
expires: Mon, 27 Dec 2021 14:51:58 GMT

GET
DATA 200
OK truncated
/ Frame 0F91 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0F91 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0F91 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 nrrV2109.js Show response
contextual.media.net/4a/ Frame B59E 92 KB
30 KB 24ms
22ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV2109.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b1c4793c00c6995f2393a7bd1e0a6666f6883a10efd9aabefb82495862c1164c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "05546b0e38ab9175cd905eebcc6ebb76"
vary: Accept-Encoding
x-mnet-h: 8-13
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 13 Dec 2021 14:51:58 GMT
content-length: 30276
expires: Mon, 27 Dec 2021 14:51:58 GMT

GET
H2 200 nrrV2109.js Show response
contextual.media.net/4a/ Frame 6B0A 92 KB
30 KB 22ms
22ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV2109.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b1c4793c00c6995f2393a7bd1e0a6666f6883a10efd9aabefb82495862c1164c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "05546b0e38ab9175cd905eebcc6ebb76"
vary: Accept-Encoding
x-mnet-h: 8-13
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 13 Dec 2021 14:51:58 GMT
content-length: 30276
expires: Mon, 27 Dec 2021 14:51:58 GMT

GET
DATA 200
OK truncated
/ Frame B59E 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B59E 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B59E 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6B0A 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6B0A 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6B0A 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 0F91 15 B
397 B 16ms
16ms Script
text/javascript 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001639407117561031177838086517&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRP14dGZsAg3hAaPmCoVvhpaWkPinnH9qKORQ6gd9yKypbKiSqiI5sf4cFv0c0MDHOOPT_PN0NrGphU-io8-c0ng%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=RwN3UoBfwxYvN5miG-OjvWlihrZ4GaDYgs_gvcOgyV9ENoc_h-rGh0UpsCMcY_FBIWzvIyUirzO_7gGl0zBipnsmPVZZmCsnI8XA8027eKry_51uK9Bn9yFWhdxsV8Fv3re6K4-JaHhFEO8ZGAExW3IRFKf6udEx5VeeOY12kEN472hkG7vUdbxPNe9cj3hkc9Gq-b2CDVrM0HP_iwHWm9IHT2l0IwSaQyN_pmdsG-g%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7Cy2SqoJcE0s-9IUO1sSido6Y3VR48iOc4%7CcMzb_KsVZc09A0KvyT3TfszVCgrhB3BXcLRbpdpd8vDu3TTt_Vw53y8_yDIgkf8xNWz8BVsgon4fqe9DP1pTeY_hzfltDpe8AWXgOOwjgXg%3D%7CN7fu2vKt8_s%3D%7CpVu6LaRFuVwTUsHnt8o2AcnwTPpn3_L0j8W7uti8btv4LGEc9unGOLP8spLQJREHSUXQlxwAIAmxIDl_YwXX-4ip7NL6L-DUaluAel2vVhflrl0hVZA0I3DU8SdgngRiedRQvclyjb3Twf--GhknHNBrxVe6PGxVnBVmCO9pfHoJSPnu8e4ww1AVp6qVTNwu5C7hpjFe4BDjDOqUoTcvnwvNfy-uvJ5Z%7C&hint=&td=&cc=DE&wsip=170721407&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=fuoyxQBuG&vgde_setid=Nfu&&rc=0&ksu=207&oref=https%3A%2F%2Ft.co&fdkt=267&kwd[]=Cyber%20Security%20Risks&kwt[]=267&kbc[]=139812&kwp[]=1&kid[]=68172917&kbc2[]=ps%3D0.562%7C%7Crpc%3D0.91%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Firewall%20Internet%20Security&kwt[]=244&kbc[]=1204776014&kwp[]=2&kid[]=10910457&kbc2[]=ps%3D0.551%7C%7Crpc%3D0.88%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Vulnerability%20Assessment%20Scanner&kwt[]=244&kbc[]=1204776014&kwp[]=3&kid[]=30219595&kbc2[]=ps%3D0.551%7C%7Crpc%3D0.45%7C%7Clvl%3D1.64&ktd[]=274894815488&kwd[]=Antivirus%20for%20Windows%2010&kwt[]=240&kbc[]=b929ad6d4b2dae39694d8837c0866b17.d2s&kwp[]=4&kid[]=324855848&kbc2[]=101%7C%7Cps%3D0.546%7C%7Crpc%3D0.24%7C%7Clvl%3D1.89&ktd[]=274911854848&kwd[]=Best%20Windows%20Antivirus%202021&kwt[]=240&kbc[]=b929ad6d4b2dae39694d8837c0866b17.d2s&kwp[]=5&kid[]=329945038&kbc2[]=101%7C%7Cps%3D0.546%7C%7Crpc%3D1.71%7C%7Clvl%3D1.00&ktd[]=274895077632&rand=1639407118441&cid=8CU5BD6EW&vwid=1639407117452963125&vi=1639407117452963125&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1639407117172961648&vgd_l1rhst=contextual.media.net&vgd_lhl=959&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1639407117561&upk=1639407118.22680&hvsid=00001639407117561031177838086517&verid=4121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D39351&vgd_isiolc=1&pid=8PO9OT5EW&katen=1&pc=100&vgd_pgid=p0787618973t202112131451&matm=1639407118443&vgd_ltime=893&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D39351&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_refdomain=t.co&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721616&vgd_nrrsf=nrr&vgd_nrrv=2109&vgd_nrrs=2109&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=325&vgd_y_pos=2607&vgd_ren_page_h=5061&vgd_cty=FRANKFURT&vgd_l1hcsd=A32%7C8179&vgd_sethcsd=N9%7C8204&vgd_cfud=210701&vgd_is_amp=0&vgd_icat=599&vgd_spcat=-1&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=610_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1639407117452963125%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26kwrf%3Dhttps%253a%252f%252ft.co%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f125409%252fmalware%252fmoobot-botnet-hikvision.html%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A610%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_crefurl=https://t.co/&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV2109.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:58 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 13 Dec 2021 14:51:58 GMT

POST
H2 200 log
navvy.media.net/ Frame 0F91 35 B
97 B 157ms
156ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV2109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame B59E 15 B
397 B 16ms
15ms Script
text/javascript 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001639407117561031177838086517&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRP14dGZsAg3hAaPmCoVvhpaWkPinnH9qKORQ6gd9yKypbKiSqiI5sf4cFv0c0MDHOOPT_PN0NrGphU-io8-c0ng%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=wGwlv6HPxP9lx_hSlTzJrRFt-W3ZuJY12jyCPTH2VWQ6tjr4CcnXc8nwUOWjetf4cny1yQYcwnn2I8ZxGfBJMqwBv9zKZRs94bBoO4PELsYS4YRrTYKf_HEPo3MqIf69-_8De_i9Xfm3-VO5RyS8DX6oUCz3egFBJikHidhczAMO6S83Lk5q0DJ3I2JU-vDwidtkfWWxPnBTLF_JLixX5kD1v-1nxihWVzkYPBxt1AQ%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7Cy2SqoJcE0s-9IUO1sSido6Y3VR48iOc4%7CcMzb_KsVZc09A0KvyT3TfszVCgrhB3BXcLRbpdpd8vDu3TTt_Vw53y8_yDIgkf8xNWz8BVsgon4fqe9DP1pTeY_hzfltDpe8AWXgOOwjgXg%3D%7CN7fu2vKt8_s%3D%7CtIKbZ7swo16JgyaYjp20TmgHzzIC3WpjEACgIVMrvBnLsGNbIMKCNfJbUjm3D0iFyKqLWJZGgdbZSyqLJm2Dbuoa0DGYNb8D3yL-4YugqqGbKcVdzx0xt9HM2IOuocHKFVSJzZsN5UBOCn_T4p8sHUqlNxTlby-qC7P1IgBrAYbPT0MYJ02hniw8dqDtxCEoRK5vKLuKO7o7AKmZjqtNt4kTeUX2VTIy%7C&hint=&td=&cc=DE&wsip=170721634&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=fuoyxQBuG&vgde_setid=Nfu&&rc=0&ksu=207&oref=https%3A%2F%2Ft.co&fdkt=244&kwd[]=Firewall%20Internet%20Security&kwt[]=244&kbc[]=1204776014&kwp[]=1&kid[]=10910457&kbc2[]=ps%3D0.551%7C%7Crpc%3D0.88%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Vulnerability%20Assessment%20Scanner&kwt[]=244&kbc[]=1204776014&kwp[]=2&kid[]=30219595&kbc2[]=ps%3D0.551%7C%7Crpc%3D0.45%7C%7Clvl%3D1.64&ktd[]=274894815488&kwd[]=How%20To%20Replace%20A%20SS%20Card&kwt[]=267&kbc[]=139812&kwp[]=3&kid[]=301980159&kbc2[]=139812%7C%7C%7C%7Cps%3D0.562%7C%7Crpc%3D0.17%7C%7Clvl%3D1.00&ktd[]=274895016192&kwd[]=Best%20Social%20Security%20Lawyers&kwt[]=267&kbc[]=139812&kwp[]=4&kid[]=329863451&kbc2[]=139812%7C%7C%7C%7Cps%3D0.562%7C%7Crpc%3D0.87%7C%7Clvl%3D1.00&ktd[]=274895016192&kwd[]=Security%20Vulnerability%20Assessment&kwt[]=267&kbc[]=139812&kwp[]=5&kid[]=25586745&kbc2[]=139812%7C%7C%7C%7Cps%3D0.562%7C%7Crpc%3D0.77%7C%7Clvl%3D1.44&ktd[]=824667607296&rand=1639407118452&cid=8CU5BD6EW&vwid=1639407117972539389&vi=1639407117972539389&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1639407117172961648&vgd_l1rhst=contextual.media.net&vgd_lhl=966&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D2%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1639407117580&upk=1639407118.22680&hvsid=00001639407117561031177838086517&verid=4121199&kbbq=%26sde%3D1%26adepth%3D2%26ddepth%3D1%26asn%3D39351&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=100&vgd_pgid=p0787618973t202112131451&matm=1639407118454&vgd_ltime=877&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D39351&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_refdomain=t.co&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721337&vgd_nrrsf=nrr&vgd_nrrv=2109&vgd_nrrs=2109&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=325&vgd_y_pos=2864&vgd_ren_page_h=5061&vgd_cty=FRANKFURT&vgd_l1hcsd=A32%7C8179&vgd_sethcsd=N9%7C8204&vgd_cfud=210701&vgd_is_amp=0&vgd_icat=599&vgd_spcat=-1&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=610_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1639407117972539389%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26kwrf%3Dhttps%253a%252f%252ft.co%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f125409%252fmalware%252fmoobot-botnet-hikvision.html%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A610%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_crefurl=https://t.co/&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV2109.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:58 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 13 Dec 2021 14:51:58 GMT

POST
H2 200 log
navvy.media.net/ Frame B59E 35 B
97 B 166ms
166ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV2109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 6B0A 15 B
397 B 17ms
16ms Script
text/javascript 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001639407117616031177838085349&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRP14dGZsAg3hEW7ot1CMnJ_fJbF3jnfXUmVKv3dZcneg4hOiU0Ml7YLJW5wom_kcSa6a4n5yfhvyCfsc6L_3KvE%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=wGwlv6HPxP_s0TgKeNOw0K0cs4utmYP60PhCkLzExH_S7dD7jNQtmNyjK9GwS6qGqwnJHuVhpSLbNpBNyuin4aVauMZnSyPLKaAn0rkLWL3fEjJKI8yZ0p7uvO_djmP91uJe9IGIkF0USpmoEztpFNjQ3Z2zjNBOqBiyTQVwr0RPUcTFYeD0j-INelcJE9wiSd4pY9REQ7J2iKgiESfb_jfaUqOA2SdJd5DzBb5louc%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7Cy2SqoJcE0s-9IUO1sSido6Y3VR48iOc4%7CcMzb_KsVZc09A0KvyT3TfszVCgrhB3BXcLRbpdpd8vDu3TTt_Vw53y8_yDIgkf8xNWz8BVsgon4fqe9DP1pTeY_hzfltDpe8AWXgOOwjgXg%3D%7CN7fu2vKt8_s%3D%7CTYQWD74_LH7JGJu1fgBMwDYZsovQZhjxjSeaA_f56dTB55hMghd-HS6mku5U6HchmpL1Ttw9e-MtyN_4Zaba-8YfOXp6GWP_hv7a1ai6WGu2wQet0i3oXDTpoBI0Ej0RmeUn-RIntOTbpTy8xTA821H68H61xkayHCKjdQ6kWvBiX-phtrClUAa97kVn_DKszrkiI8dPDhKxHRmR96ctWZ009J2tYTvx%7C&hint=&td=&cc=DE&wsip=170721396&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=fuoyxQBuG&vgde_setid=Nfu&&rc=0&ksu=207&oref=https%3A%2F%2Ft.co&fdkt=267&kwd[]=Cyber%20Security%20Risks&kwt[]=267&kbc[]=139812&kwp[]=1&kid[]=68172917&kbc2[]=ps%3D0.562%7C%7Crpc%3D0.91%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Firewall%20Internet%20Security&kwt[]=244&kbc[]=1204776014&kwp[]=2&kid[]=10910457&kbc2[]=ps%3D0.551%7C%7Crpc%3D0.88%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Vulnerability%20Assessment%20Scanner&kwt[]=244&kbc[]=1204776014&kwp[]=3&kid[]=30219595&kbc2[]=ps%3D0.551%7C%7Crpc%3D0.45%7C%7Clvl%3D1.64&ktd[]=274894815488&kwd[]=Antivirus%20for%20Windows%2010&kwt[]=240&kbc[]=b929ad6d4b2dae39694d8837c0866b17.d2s&kwp[]=4&kid[]=324855848&kbc2[]=101%7C%7Cps%3D0.546%7C%7Crpc%3D0.24%7C%7Clvl%3D1.89&ktd[]=274911854848&kwd[]=Best%20Windows%20Antivirus%202021&kwt[]=240&kbc[]=b929ad6d4b2dae39694d8837c0866b17.d2s&kwp[]=5&kid[]=329945038&kbc2[]=101%7C%7Cps%3D0.546%7C%7Crpc%3D1.71%7C%7Clvl%3D1.00&ktd[]=274895077632&rand=1639407118463&cid=8CU5BD6EW&vwid=1639407117533436158&vi=1639407117533436158&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1639407117172961648&vgd_l1rhst=contextual.media.net&vgd_lhl=966&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1639407117616&upk=1639407118.22680&hvsid=00001639407117616031177838085349&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D39351&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=100&vgd_pgid=p0787618973t202112131451&matm=1639407118467&vgd_ltime=852&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D39351&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_refdomain=t.co&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721339&vgd_nrrsf=nrr&vgd_nrrv=2109&vgd_nrrs=2109&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-184323154%7CDIV&vgd_x_pos=980&vgd_y_pos=414&vgd_ren_page_h=5061&vgd_cty=FRANKFURT&vgd_l1hcsd=A32%7C8179&vgd_sethcsd=N9%7C8204&vgd_cfud=210701&vgd_is_amp=0&vgd_icat=599&vgd_spcat=-1&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1639407117533436158%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D184323154%26vpf%3D000%26kwrf%3Dhttps%253a%252f%252ft.co%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f125409%252fmalware%252fmoobot-botnet-hikvision.html%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_crefurl=https://t.co/&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV2109.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:58 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 13 Dec 2021 14:51:58 GMT

POST
H2 200 log
navvy.media.net/ Frame 6B0A 35 B
97 B 146ms
146ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV2109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H2

200

/ Show response
ads.us.e-planning.net/uspd/1/ Frame 5A3E
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID

2 KB
1 KB

27ms
26ms

Document
text/html

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: d0aa7ece8e8b2683e65aa5a2c3aaedbf5219081e35ac8b35d0340d3a6dad7302

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: openresty
date: Mon, 13 Dec 2021 14:51:58 GMT
content-type: text/html
cache-control: max-age=0, no-cache
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
expires: Mon, 13 Dec 2021 14:51:58 GMT
x-sid: AMS-605
content-encoding: gzip

Redirect headers

server: openresty
date: Mon, 13 Dec 2021 14:51:58 GMT
content-type: text/html; charset=iso-8859-1
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
x-sid: AMS-605

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 54F0 112 KB
40 KB 161ms
63ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d90858c97f7ef3de60307392e3630e672e72a035900a90a3ab3b4c67f3fa85d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40319
x-xss-protection: 0
server: cafe
etag: 10764621412826571936
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 14:51:58 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 93ms
93ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 15 Dec 2021 14:51:58 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame C3B5 112 KB
39 KB 182ms
143ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d90858c97f7ef3de60307392e3630e672e72a035900a90a3ab3b4c67f3fa85d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40319
x-xss-protection: 0
server: cafe
etag: 10764621412826571936
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 14:51:58 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 99ms
99ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 15 Dec 2021 14:51:58 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame E6A2 112 KB
39 KB 134ms
112ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d90858c97f7ef3de60307392e3630e672e72a035900a90a3ab3b4c67f3fa85d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40319
x-xss-protection: 0
server: cafe
etag: 10764621412826571936
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 14:51:58 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 94ms
94ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 15 Dec 2021 14:51:58 GMT

GET
H2

200

um
u-ams02.e-planning.net/ Frame 5A3E
Redirect Chain

https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Dc15c691fe1cf8b15
https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=c15c691fe1cf8b15

42 B
103 B

20ms
19ms

Image
image/gif

46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=c15c691fe1cf8b15
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
server: openresty
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=c15c691fe1cf8b15
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 dataxpand_28122020.js Show response
s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/ Frame 5A3E 39 KB
14 KB 63ms
19ms Script
application/x-javascript 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/dataxpand_28122020.js
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: i.e-planning.net
Software: openresty /
Resource Hash: 792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
last-modified: Mon, 28 Dec 2020 16:45:03 GMT
server: openresty
etag: W/"5fea0b8f-9a72"
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=157680000
expires: Sat, 12 Dec 2026 14:51:58 GMT

GET
H2 200 prebid
rtb.openx.net/sync/ Frame 5A3E 43 B
351 B 70ms
28ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3Dc15c691fe1cf8b15%26uid%3D%24%7BUID%7D
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:57 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 9k03eidhluumvtfi49n9uv03h6vqe5ct

GET
H/1.1 200 ptag Show response
a.audrte.com/ Frame 5A3E 5 KB
2 KB 414ms
102ms Script
text/plain 3.228.116.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.audrte.com/ptag?p=M1353665098
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.228.116.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-228-116-73.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 3959ef50f058794429dbb475c8988f630f9df1a2098e55dc997915bda6500f43

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 14:51:59 GMT
Content-Encoding: gzip
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/plain;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-transform, public, max-age=3600
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1683

GET
H2 200 lotame.js Show response
s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/ Frame 5A3E 266 B
415 B 80ms
36ms Script
application/x-javascript 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: i.e-planning.net
Software: openresty /
Resource Hash: 76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
last-modified: Thu, 19 Nov 2020 16:18:03 GMT
server: openresty
etag: W/"5fb69abb-10a"
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=157680000
expires: Sat, 12 Dec 2026 14:51:58 GMT

GET
H2

200

/
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame 5A3E
Redirect Chain

https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3Dc15c691fe1cf8b15
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F

95 B
222 B

22ms
21ms

Image
image/png

162.55.236.225
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 162.55.236.225 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.225.236.55.162.clients.your-server.de
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
server: nginx/1.14.2
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png

Redirect headers

location: https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
date: Mon, 13 Dec 2021 14:51:58 GMT
server: nginx/1.14.2
content-type: text/html; charset=UTF-8

GET
H2

200

um
u-ams02.e-planning.net/ Frame 5A3E
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Dc15c691fe1cf8b15%26uid%3D%24UID
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=c15c691fe1cf8b15&uid=8877751720064750958

42 B
104 B

87ms
19ms

Image
image/gif

46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=c15c691fe1cf8b15&uid=8877751720064750958
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
server: openresty
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 2e28846b-bddc-4e8e-918b-081fb17f1c26
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=c15c691fe1cf8b15&uid=8877751720064750958
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 5A61
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu

281 B
554 B

52ms
10ms

Document
text/html

23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 26 Oct 2021 17:01:05 GMT
ETag: "40019-119-5cf446c48f640"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Dec 2021 14:51:58 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Date: Mon, 13 Dec 2021 14:51:58 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 4C04 14 KB
5 KB 32ms
8ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=81866
expires: Tue, 14 Dec 2021 13:36:24 GMT
date: Mon, 13 Dec 2021 14:51:58 GMT
vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 4C04 5 KB
6 KB 83ms
16ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=56905246&p=156631&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: a3c0d6a1ec21864cd81859c59b3bda8520398d0292e3864348808d51bae8400c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

usermatch Show response
ssum.casalemedia.com/ Frame 69CA
Redirect Chain

https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1

2 KB
3 KB

20ms
20ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0423a953637d6aa05ef764fe54a49a387fc61b5d50c65c488815f1dcaf88d803

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|230|45|241|206|190|218|57
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1733
Expires: Mon, 13 Dec 2021 14:51:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Connection: keep-alive

Redirect headers

Server: Apache
Content-Length: 345
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Mon, 13 Dec 2021 14:51:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Connection: keep-alive

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 1A61 2 KB
814 B 33ms
8ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=5927d926323dc2c

Requested by

Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H2 200 / Show response
spl.zeotap.com/ Frame 888D 8 KB
2 KB 47ms
24ms Document
text/html 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc5831dbb36d6ccae8d0cb573b8ac633557744716b7210c462e64678074358fd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://ads.us.e-planning.net
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6bd0037c3dc6693a-FRA
content-encoding: br

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 5A61 32 KB
10 KB 10ms
9ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 5a25de0ee0917c2a760c0d03028e629863026404aa44422f08a98bb63e349378

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 14:51:58 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Dec 2021 17:06:23 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=78215
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9507
Expires: Tue, 14 Dec 2021 12:35:33 GMT

GET
H2 200 nrrV2109.js Show response
contextual.media.net/4a/ Frame 3186 92 KB
30 KB 26ms
25ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV2109.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b1c4793c00c6995f2393a7bd1e0a6666f6883a10efd9aabefb82495862c1164c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "05546b0e38ab9175cd905eebcc6ebb76"
vary: Accept-Encoding
x-mnet-h: 8-13
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 13 Dec 2021 14:51:58 GMT
content-length: 30276
expires: Mon, 27 Dec 2021 14:51:58 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ Frame 54F0 276 KB
99 KB 144ms
95ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101734
x-xss-protection: 0
server: cafe
etag: 4507154694380913909
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
DATA 200
OK truncated
/ Frame 3186 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3186 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3186 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 5A61 0
239 B 57ms
10ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=12186
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ Frame E6A2 276 KB
99 KB 92ms
64ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101734
x-xss-protection: 0
server: cafe
etag: 4507154694380913909
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame BDC0
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=6D69887C-9336-45AC-829A-BD8C9192CDDE
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6D69887C-9336-45AC-829A-BD8C9192CDDE

35 B
477 B

19ms
19ms

Document
image/gif

37.157.2.238
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6D69887C-9336-45AC-829A-BD8C9192CDDE

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 13 Dec 2021 14:51:58 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Mon, 13 Dec 2021 14:51:58 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6D69887C-9336-45AC-829A-BD8C9192CDDE
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame C3ED
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8851320981600702179

42 B
209 B

15ms
14ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8851320981600702179
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 13 Dec 2021 14:51:58 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: amspug005:0:440
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8851320981600702179
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 3338 43 B
334 B 58ms
14ms Document
image/gif 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 13 Dec 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 521348

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 324A
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7041199956690729112

42 B
210 B

69ms
17ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7041199956690729112
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 13 Dec 2021 14:51:58 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: lhrpug019:0:407
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Mon, 13 Dec 2021 14:51:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7041199956690729112

GET
H2 503 b9pj45k4 Show response
sync-tm.everesttech.net/upi/pid/ Frame 4BFE 0
177 B 38ms
9ms Document
text/plain 151.101.2.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: Varnish
retry-after: 0
accept-ranges: bytes
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 varnish
x-served-by: cache-hhn4059-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1639407119.856859,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H/1.1

200
OK

redir Show response
rtb-csync.smartadserver.com/ Frame 63FB
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEcE0wN0RicndBQUQyQXk3RTdydw&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AADpM07DbrwAAD2Ay7E7rw&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AADpM07DbrwAAD2Ay7E7rw&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AADpM07DbrwAAD2Ay7E7rw&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_part...

43 B
163 B

71ms
17ms

Document
image/gif

185.86.139.114
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AADpM07DbrwAAD2Ay7E7rw&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.114 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
content-type: image/gif
transfer-encoding: chunked

Redirect headers

Date: Mon, 13 Dec 2021 14:51:59 GMT
location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AADpM07DbrwAAD2Ay7E7rw&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 976C
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8497520098
https://sync.1rx.io/usersync/tradedesk/22653919-009f-4f9a-864e-eb4e5e5e19ca
https://sync.targeting.unrulymedia.com/csync/RX-02ad0771-8184-4086-b8bb-22d0c98bc07e-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-02ad0771-8184-4086-b8bb-22d0c98bc07e-003

42 B
384 B

16ms
16ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-02ad0771-8184-4086-b8bb-22d0c98bc07e-003
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 13 Dec 2021 14:51:59 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: lhrpug024:0:448
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: Tengine
date: Mon, 13 Dec 2021 14:51:59 GMT
content-type: text/html
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-02ad0771-8184-4086-b8bb-22d0c98bc07e-003
etag: RX02ad077181844086b8bb22d0c98bc07e003

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 08A4
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=K9kruCFkQVduyzWEf6gP87nVm6I

42 B
219 B

18ms
18ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=K9kruCFkQVduyzWEf6gP87nVm6I
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 13 Dec 2021 14:51:59 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: lhrpug018:0:409
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Content-Type: text/html; charset=utf-8
Date: Mon, 13 Dec 2021 14:51:59 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=K9kruCFkQVduyzWEf6gP87nVm6I
Content-Length: 159
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame D69C
Redirect Chain

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

0
107 B

53ms
17ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 13 Dec 2021 14:51:58 GMT
content-type: text/html; charset=utf-8
x-lat: lhrpug013:2:311
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length: 0
date: Mon, 13 Dec 2021 14:51:58 GMT
server: _

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 3D46
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=SvN2ydZyPx4U0IVwRnltX-b7

42 B
216 B

17ms
13ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=SvN2ydZyPx4U0IVwRnltX-b7
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 13 Dec 2021 14:51:58 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: amspug014:0:519
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: openresty
date: Mon, 13 Dec 2021 14:51:58 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=SvN2ydZyPx4U0IVwRnltX-b7
strict-transport-security: max-age=0; includeSubDomains;

GET
H/1.1 200
OK bridge Show response
cm.adgrx.com/ Frame AE3B 43 B
408 B 108ms
18ms Document
image/gif 72.251.245.179
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.245.179 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Date: Mon, 13 Dec 2021 14:51:58 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-7
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET
H2 404 dpe Show response
ad4m.at/ad/ Frame 0BAA 15 B
915 B 170ms
123ms Document
text/plain 2606:4700:3039::6815:c099
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c099 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6420ab9ec6ebff1cd61333dade6ba9ac879d3617a59334148672dee6af12fec

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-type: text/plain; charset=utf-8
content-length: 15
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6bd0037d0aa2dfc3-FRA

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame C245
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=1dd1433c-db56-418d-98af-cfa22feba923-tuct8b0e38e&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
147 B

46ms
18ms

Document
text/plain

151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=1dd1433c-db56-418d-98af-cfa22feba923-tuct8b0e38e&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
accept-ranges: bytes
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 varnish
x-served-by: cache-hhn4075-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1639407119.930957,VS0,VE9
content-length: 0

Redirect headers

server: nginx
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=1dd1433c-db56-418d-98af-cfa22feba923-tuct8b0e38e&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 varnish
x-served-by: cache-hhn4073-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1639407119.882317,VS0,VE8
x-vcl-time-ms: 8
content-length: 0

GET
H/1.1 200
OK cookiesync Show response
core.iprom.net/ Frame E409 43 B
282 B 121ms
25ms Document
image/gif 195.5.165.20
IPROM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://core.iprom.net/cookiesync
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Vary: Accept-Encoding
X-adserver-worker: leviathan-fb5edfabe1c5@version_1.363v2
Connection: close
X-server-arch: v2
Content-Type: image/gif
Content-Length: 43
X-core-time: 0ms
Date: Mon, 13 Dec 2021 14:51:58 GMT

GET
H2 200 um Show response
u-ams02.e-planning.net/ Frame DD26 42 B
103 B 19ms
16ms Document
image/gif 46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://u-ams02.e-planning.net/um?dc=a208d9366469aa64&fi=c15c691fe1cf8b15&uid=6D69887C-9336-45AC-829A-BD8C9192CDDE
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: openresty
date: Mon, 13 Dec 2021 14:51:58 GMT
content-type: image/gif

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4C04
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bWmIfJM2RayCmr2MkZLN3g%3D%3D
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bWmIfJM2RayCmr2MkZLN3g%3D%3D&google_tc=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

9ms
7ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=81865
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Tue, 14 Dec 2021 13:36:24 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=6f4c61b7-5e0e-4000-b1c1-d9f603b3b255

0
260 B

77ms
14ms

Image
text/plain

198.47.127.20
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=6f4c61b7-5e0e-4000-b1c1-d9f603b3b255
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: MT3 4133 baa842e master zrh-pixel-x12 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=6f4c61b7-5e0e-4000-b1c1-d9f603b3b255
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 13 Dec 2021 14:51:57 GMT

GET
H2

200

/
spl.zeotap.com/ Frame 4C04
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=6D69887C-9336-45AC-829A-BD8C9192CDDE
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=fcc6b7d9aec90eef210a58a5bcddbe17
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
https://pixel.onaudience.com/?partner=147&mapped=22653919-009f-4f9a-864e-eb4e5e5e19ca&icm
https://spl.zeotap.com/?zdid=1332&zcluid=94cc348466ebafa5

95 B
556 B

33ms
32ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://spl.zeotap.com/?zdid=1332&zcluid=94cc348466ebafa5
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 6bd0037eec63693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://spl.zeotap.com?zdid=1332&zcluid=94cc348466ebafa5
content-length: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NkQ2OTg4N0MtOTMzNi00NUFDLTgyOUEtQkQ4QzkxOTJDRERF&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NkQ2OTg4N0MtOTMzNi00NUFDLTgyOUEtQkQ4QzkxOTJDRERF&gdpr=0&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
110 B

16ms
15ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
cache-control: no-store, no-cache, private
x-lat: amspug001:0:538
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGQuGlJ061tnhyezwzzSbY8&google_cver=1

42 B
281 B

15ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGQuGlJ061tnhyezwzzSbY8&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-store, no-cache, private
x-lat: amspug004:0:388
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGQuGlJ061tnhyezwzzSbY8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 4C04 43 B
617 B 69ms
19ms Image
image/gif 169.50.137.184
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b8.89.32a9.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sun, 12 Dec 2021 14:51:58 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&gdpr=0&gdpr_consent=

42 B
340 B

48ms
17ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug006:0:524
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: MT3 4133 baa842e master zrh-pixel-x1 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 13 Dec 2021 14:51:57 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=22653919-009f-4f9a-864e-eb4e5e5e19ca

42 B
602 B

71ms
16ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=22653919-009f-4f9a-864e-eb4e5e5e19ca
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug020:0:329
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=22653919-009f-4f9a-864e-eb4e5e5e19ca
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=686955697831082021

42 B
232 B

25ms
18ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=686955697831082021
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug018:0:481
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=686955697831082021
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8877751720064750958&gdpr=0&gdpr_consent=

42 B
366 B

62ms
13ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8877751720064750958&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:57 GMT
cache-control: no-store, no-cache, private
x-lat: amspug015:0:395
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8dc6f82d-8beb-4976-a2e0-a130d1eba851
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8877751720064750958&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=yQc-_MpTbK7SUmuvmlRxqMlSaPrSBT3-nlKWEt3B

42 B
623 B

26ms
13ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=yQc-_MpTbK7SUmuvmlRxqMlSaPrSBT3-nlKWEt3B
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-store, no-cache, private
x-lat: amspug016:0:410
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=yQc-_MpTbK7SUmuvmlRxqMlSaPrSBT3-nlKWEt3B
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6D69887C-9336-45AC-829A-BD8C9192CDDE&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6D69887C-9336-45AC-829A-BD8C9192CDDE&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-yOIMZKZE2uVWLZ2dvNonKpG2oMCWnwg-~A&gdpr=0&gdpr_consent=

0
48 B

21ms
15ms

Image
text/plain

198.47.127.20
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-yOIMZKZE2uVWLZ2dvNonKpG2oMCWnwg-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-yOIMZKZE2uVWLZ2dvNonKpG2oMCWnwg-~A&gdpr=0&gdpr_consent=
date: Mon, 13 Dec 2021 14:51:58 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 6D69887C-9336-45AC-829A-BD8C9192CDDE
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 4C04 43 B
868 B 115ms
35ms Image
image/gif 2a05:d018:d29:3605:14b1:76c0:1806:81d9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/6D69887C-9336-45AC-829A-BD8C9192CDDE?gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:14b1:76c0:1806:81d9 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=1365c82b-edf6-43f3-936a-102b421a5b25
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=1365c82b-edf6-43f3-936a-102b421a5b25
https://x.bidswitch.net/sync?dsp_id=4&user_id=77f58ace-0989-47ef-92bb-6c269f74c8c6&ssp=pubmatic&expires=30&user_group=5&bsw_param=1365c82b-edf6-43f3-936a-102b421a5b25
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=1365c82b-edf6-43f3-936a-102b421a5b25&gdpr=&gdpr_consent=&gdpr_pd=

1 B
181 B

17ms
15ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=1365c82b-edf6-43f3-936a-102b421a5b25&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug020:0:469
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=1365c82b-edf6-43f3-936a-102b421a5b25&gdpr=&gdpr_consent=&gdpr_pd=
Date: Mon, 13 Dec 2021 14:51:59 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3405951207433908295&gdpr=0&gdpr_consent=&us_privacy=

1 B
167 B

16ms
16ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3405951207433908295&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug009:0:461
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3405951207433908295&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 4C04 0
104 B 85ms
25ms Image
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=6D69887C-9336-45AC-829A-BD8C9192CDDE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

42 B
203 B

19ms
19ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-store, no-cache, private
x-lat: amspug003:0:438
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:684377e9-6dec-4e6d-a5e9-7c26fc49d3c0&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
111 B

22ms
21ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:684377e9-6dec-4e6d-a5e9-7c26fc49d3c0&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug016:0:358
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:684377e9-6dec-4e6d-a5e9-7c26fc49d3c0&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Mon, 13 Dec 2021 14:51:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 4C04
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8877751720064750958

42 B
110 B

16ms
16ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8877751720064750958
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug022:0:369
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 55add546-ddd8-4242-b609-32a247f83537
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8877751720064750958
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 d1ba4609
rtb.gumgum.com/getuid/ Frame 4C04 35 B
238 B 105ms
29ms Image
image/gif 54.228.52.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.52.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-228-52-99.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 3186 15 B
397 B 19ms
17ms Script
text/javascript 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001639407117626031177838089905&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRP14dGZsAg3hEW7ot1CMnJ_fJbF3jnfXUmVKv3dZcneg4hOiU0Ml7YJfFzZFLhM5vJpSwPJ4kgSVa7-AEIFawWQ%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=2fwC-SHuSOg3q0rqI-MKsES1wHOwQk_bbOvdt_yU5sI4Dpi10qOEkNkgiqUtZOuWE7Y2IBK1oKs1cLyLmsI0Yf9hQ1BOAwI-DhRhQE3Sw2aqU2LJ0JSDfpx_ikCUfa8Ji11gxp6VK20jJ_phOkxeDZ_UDUPyGja18hj9TijWGLbTYEyoFLkhHTqOyjWay3K_J7MY9Nnvw62NtKqEphnijxJBU7dPpExViw1FWjYhtjA%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7Cy2SqoJcE0s-9IUO1sSido6Y3VR48iOc4%7CcMzb_KsVZc09A0KvyT3TfszVCgrhB3BXcLRbpdpd8vDu3TTt_Vw53y8_yDIgkf8xNWz8BVsgon4fqe9DP1pTeY_hzfltDpe8AWXgOOwjgXg%3D%7CN7fu2vKt8_s%3D%7CZCOy_GrKeFt4SDO-dl47HAgAEMQZVY5jdzRdd2wpfcwVpz2b5GfXJF1TgpR-CorW4RZEPylc9z1mDD-0egs_q4-2kOljG_2oarK57d4JzS7y65zkyLJ1r9D_yDmGVOQFCVmdfr6Jk3mBFCxgXRD2yDCl5GXumLSAy-IOPWE4LhThbULWIKrY-H_9jARQZJ9fhowm5WS9cbGrieLWXEuBTn8zm3cnlmOe%7C&hint=&td=&cc=DE&wsip=170721621&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=fuoyxQBuG&vgde_setid=Nfu&&rc=0&ksu=207&oref=https%3A%2F%2Ft.co&fdkt=267&kwd[]=Cyber%20Security%20Risks&kwt[]=267&kbc[]=139812&kwp[]=1&kid[]=68172917&kbc2[]=ps%3D0.562%7C%7Crpc%3D0.91%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Firewall%20Internet%20Security&kwt[]=244&kbc[]=1204776014&kwp[]=2&kid[]=10910457&kbc2[]=ps%3D0.551%7C%7Crpc%3D0.88%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Vulnerability%20Assessment%20Scanner&kwt[]=244&kbc[]=1204776014&kwp[]=3&kid[]=30219595&kbc2[]=ps%3D0.551%7C%7Crpc%3D0.45%7C%7Clvl%3D1.64&ktd[]=274894815488&kwd[]=Antivirus%20for%20Windows%2010&kwt[]=240&kbc[]=b929ad6d4b2dae39694d8837c0866b17.d2s&kwp[]=4&kid[]=324855848&kbc2[]=101%7C%7Cps%3D0.546%7C%7Crpc%3D0.24%7C%7Clvl%3D1.89&ktd[]=274911854848&kwd[]=Best%20Windows%20Antivirus%202021&kwt[]=240&kbc[]=b929ad6d4b2dae39694d8837c0866b17.d2s&kwp[]=5&kid[]=329945038&kbc2[]=101%7C%7Cps%3D0.546%7C%7Crpc%3D1.71%7C%7Clvl%3D1.00&ktd[]=274895077632&rand=1639407118832&cid=8CU5BD6EW&vwid=1639407117677767426&vi=1639407117677767426&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1639407117172961648&vgd_l1rhst=contextual.media.net&vgd_lhl=966&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1639407117626&upk=1639407118.22680&hvsid=00001639407117626031177838089905&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D39351&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=100&vgd_pgid=p0787618973t202112131451&matm=1639407118835&vgd_ltime=1210&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D39351&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_refdomain=t.co&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721634&vgd_nrrsf=nrr&vgd_nrrv=2109&vgd_nrrs=2109&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-647633027%7CDIV&vgd_x_pos=980&vgd_y_pos=982&vgd_ren_page_h=5061&vgd_cty=FRANKFURT&vgd_l1hcsd=A32%7C8179&vgd_sethcsd=N9%7C8204&vgd_cfud=210701&vgd_is_amp=0&vgd_icat=599&vgd_spcat=-1&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1639407117677767426%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D647633027%26vpf%3D000%26kwrf%3Dhttps%253a%252f%252ft.co%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f125409%252fmalware%252fmoobot-botnet-hikvision.html%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_crefurl=https://t.co/&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV2109.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:58 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 13 Dec 2021 14:51:58 GMT

POST
H2 200 log
navvy.media.net/ Frame 3186 35 B
97 B 157ms
156ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV2109.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame 888D 0
0 180ms
180ms Image
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45...
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-4...
https://mwzeom.zeotap.com/mw?google_gid=CAESENzO5Yk83u3kC32_oRJmo7Y&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df...

95 B
153 B

29ms
27ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESENzO5Yk83u3kC32_oRJmo7Y&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037e7b83693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESENzO5Yk83u3kC32_oRJmo7Y&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
https://mwzeom.zeotap.com/mw?cid=811f9729-98db-4b92-967b-02041522fad0&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7...

95 B
153 B

26ms
26ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=811f9729-98db-4b92-967b-02041522fad0&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037d7926693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://mwzeom.zeotap.com/mw?cid=811f9729-98db-4b92-967b-02041522fad0&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 403 /
dmp.adform.net/serving/cookie/match/ Frame 888D 0
331 B 71ms
18ms Image
text/plain 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1...
https://mwzeom.zeotap.com/mw?cid=22653919-009f-4f9a-864e-eb4e5e5e19ca&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7...

95 B
153 B

25ms
24ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=22653919-009f-4f9a-864e-eb4e5e5e19ca&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037d1fe6693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://mwzeom.zeotap.com/mw?cid=22653919-009f-4f9a-864e-eb4e5e5e19ca&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 481

GET
H2 200 cm
trc.taboola.com/sg/zeotap/1/ Frame 888D 0
57 B 48ms
17ms Image
text/plain 2a04:4e42:400::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 varnish
server: nginx
x-timer: S1639407119.882495,VS0,VE9
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn4073-HHN

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame 888D 0
411 B 437ms
100ms Image
text/html 2600:1f18:6593:f606:5126:e6b:eab6:7393
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:6593:f606:5126:e6b:eab6:7393 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control: no-store
Connection: keep-alive
Content-Type: text/html
Keep-Alive: timeout=300
Content-Length: 0
Expires: 0

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 888D 0
41 B 24ms
19ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=136...
https://mwzeom.zeotap.com/mw?cid=da823595-6cb7-4bfe-b62e-f024360f41e6&zpartnerid=317&gdpr=1&gdpr_consent=

95 B
176 B

25ms
24ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=da823595-6cb7-4bfe-b62e-f024360f41e6&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037dea26693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: Apache-Coyote/1.1
location: https://mwzeom.zeotap.com/mw?cid=da823595-6cb7-4bfe-b62e-f024360f41e6&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=d3c45572-f3bb-45a6-4f08-50157969e3f9&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=d3c45572-f3bb-45a6-4f08-50157969e3f9&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=41422844723829990031445744553350014138&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-...

95 B
153 B

19ms
18ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=41422844723829990031445744553350014138&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037e2ac7693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

DCS: dcs-prod-irl1-1-v023-077028713.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: msFKg3o2QBo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=41422844723829990031445744553350014138&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 204 /
loadeu.exelator.com/load/ Frame 888D 0
324 B 135ms
27ms Image
text/plain 34.254.143.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://bn01.er.bemail.it/zeotap.php?_bid=d3c45572-f3bb-45a6-4f08-50157969e3f9&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-...
https://mwzeom.zeotap.com/mw?cid=BE1-2021121315-56558-0.709730001639407111-10cbd0b622a0e1e36f4aa91566d585c0&zdid=533&env=mWeb

95 B
153 B

21ms
21ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=BE1-2021121315-56558-0.709730001639407111-10cbd0b622a0e1e36f4aa91566d585c0&zdid=533&env=mWeb
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037da98b693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=BE1-2021121315-56558-0.709730001639407111-10cbd0b622a0e1e36f4aa91566d585c0&zdid=533&env=mWeb
Date: Mon, 13 Dec 2021 14:51:51 GMT
Server: nginx/1.10.2
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Transfer-Encoding: chunked
Content-Type: text/html

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
https://mwzeom.zeotap.com/mw?cid=7041199956690729112&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-...

95 B
153 B

24ms
22ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=7041199956690729112&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037d4883693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=7041199956690729112&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame 888D
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=d3c45572-f3bb-45a6-4f08-50157969e3f9
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=d3c45572-f3bb-45a6-4f08-50157969e3f9

95 B
425 B

24ms
24ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=d3c45572-f3bb-45a6-4f08-50157969e3f9

Requested by

Protocol

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
content-type: image/png
alt-svc: clear
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=d3c45572-f3bb-45a6-4f08-50157969e3f9
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=d3c45572-f3bb-45a6-4f08-50157969e3f9&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=d3c45572-f3bb-45a6-4f08-50157969e3f9&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://mwzeom.zeotap.com/mw?webouuid=0KR94CXwjAL/AggskIq54O&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42...

95 B
153 B

38ms
38ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?webouuid=0KR94CXwjAL/AggskIq54O&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037e2ad4693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 google
last-modified: Mon, 13 Dec 2021 14:51:59 GMT
server: nginx/1.12.0
location: https://mwzeom.zeotap.com/mw?webouuid=0KR94CXwjAL/AggskIq54O&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 2.gif
dmp.theadex.com/d/949/i/ Frame 888D 36 B
335 B 61ms
19ms Image
image/gif 89.163.159.109
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=d3c45572-f3bb-45a6-4f08-50157969e3f9&axd_pid=175
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 89.163.159.109 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash: 204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: nginx
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-length: 36
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=d3c45572-f3bb-45a6-4f08-50157969e3f9?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=d3c45572-f3bb-45a6-4f08-50157969e3f9?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
https://mwzeom.zeotap.com/mw?pid=fcc6b7d9aec90eef210a58a5bcddbe17&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e...

95 B
153 B

25ms
23ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?pid=fcc6b7d9aec90eef210a58a5bcddbe17&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037e7b81693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://mwzeom.zeotap.com/mw?pid=fcc6b7d9aec90eef210a58a5bcddbe17&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
cache-control: no-cache
x-server: 10.45.17.4
content-length: 0
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
https://mwzeom.zeotap.com/mw?cid=y-zWAvthpE2ool6GOMIQOQCvR4IZ4npTlRqQ--~A&zpartnerid=570&env=mWeb

95 B
153 B

37ms
36ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=y-zWAvthpE2ool6GOMIQOQCvR4IZ4npTlRqQ--~A&zpartnerid=570&env=mWeb
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037ebbff693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

date: Mon, 13 Dec 2021 14:51:59 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: text/html;charset=utf-8
location: https://mwzeom.zeotap.com/mw?cid=y-zWAvthpE2ool6GOMIQOQCvR4IZ4npTlRqQ--~A&zpartnerid=570&env=mWeb
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zd...
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=7%2Bfx6CegwCZmDIqWL4SO9ZaPSND78s8Q%2BS41iYitP1U%3D

95 B
164 B

43ms
27ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=7%2Bfx6CegwCZmDIqWL4SO9ZaPSND78s8Q%2BS41iYitP1U%3D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037d0fbb693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=7%2Bfx6CegwCZmDIqWL4SO9ZaPSND78s8Q%2BS41iYitP1U%3D
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 v2
odr.mookie1.com/t/ Frame 888D 43 B
324 B 60ms
22ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=d3c45572-f3bb-45a6-4f08-50157969e3f9&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 888D 0
338 B 95ms
29ms Image
text/plain 52.215.164.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.164.121 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-164-121.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
cache-control: private, no-cache, no-store
x-request-time: D=37 t=1639407119
x-served-by: beacon-n012-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 /
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame 888D 95 B
360 B 18ms
16ms Image
image/png 162.55.236.225
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=d3c45572-f3bb-45a6-4f08-50157969e3f9&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.55.236.225 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.225.236.55.162.clients.your-server.de
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
server: nginx/1.14.2
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png

GET
H2 503 cQZGoH6Q
sync-tm.everesttech.net/upi/pid/ Frame 888D 0
83 B 7ms
7ms Image
text/plain 151.101.2.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1639407119.017023,VS0,VE0
x-cache: MISS
cache-control: no-cache
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-hhn4059-HHN

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://mwzeom.zeotap.com/mw?cid=8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df1...

95 B
153 B

22ms
22ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037e8b97693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

Date: Mon, 13 Dec 2021 14:51:59 GMT
Server: MT3 4103 f8fad19 master cdg-pixel-x27 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://mwzeom.zeotap.com/mw?cid=8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 888D
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-82432525...

0
337 B

32ms
31ms

Image
text/plain

52.215.164.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 52.215.164.121 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-164-121.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
cache-control: private, no-cache, no-store
x-request-time: D=79 t=1639407119
x-served-by: beacon-n007-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
date: Mon, 13 Dec 2021 14:51:59 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a014-ash-prod.krxd.net

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame 888D
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=d3c45572-f3bb-45a6-4f08-50157969e3f9&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f0...
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=d3c45572-f3bb-45a6-4f08-50157969e3f9&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f0...

43 B
645 B

32ms
32ms

Image
image/gif

54.239.37.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=d3c45572-f3bb-45a6-4f08-50157969e3f9&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361&dcc=t

Requested by

Protocol

HTTP/1.1

Server

54.239.37.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: HNMEC1ZJTSJ3TGK4KKDD
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 2YX5R3YSVZZEB9K71BG2
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=d3c45572-f3bb-45a6-4f08-50157969e3f9&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://tags.bluekai.com/site/87734?id=d3c45572-f3bb-45a6-4f08-50157969e3f9&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK...
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

95 B
153 B

28ms
27ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037f6da5693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

Location: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Date: Mon, 13 Dec 2021 14:51:59 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 4373
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 888D
Redirect Chain

https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c...
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361

95 B
153 B

46ms
46ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6bd0037f3d31693a-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
date: Mon, 13 Dec 2021 14:51:59 GMT
cross-origin-resource-policy: cross-origin
content-length: 0

GET
H2 200 cmp.min.js Show response
spl.zeotap.com/ Frame 888D 557 B
498 B 24ms
22ms Script
text/plain 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f6d2f65857a97e5d206912792e430caa2c3ef86338533016af58de57fd70fc3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6bd0037cdf4f693a-FRA
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 google
cf-cache-status: MISS
last-modified: Mon, 13 Dec 2021 14:51:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ Frame C3B5 276 KB
99 KB 137ms
136ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101734
x-xss-protection: 0
server: cafe
etag: 4507154694380913909
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 14:51:58 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 69CA 70 B
264 B 31ms
30ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 69CA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YbdeDr6Zg-VHPqDI-_eGlQAABJMAAAAB&gdpr_consent=&us_privacy=&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YbdeDr6Zg-VHPqDI-_eGlQAABJMAAAAB&gdpr_consent=&us_privacy=&gdpr=1&google_tc=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEO5B1yGST6msGZAzUe7r7Is&google_cver=1

43 B
315 B

36ms
11ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEO5B1yGST6msGZAzUe7r7Is&google_cver=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Mon, 13 Dec 2021 14:51:59 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEO5B1yGST6msGZAzUe7r7Is&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 69CA
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YbdeDr6Zg.VHPqDI.-eGlQAA
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YbdeDr6Zg.VHPqDI.-eGlQAA&google_tc=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAGO5U-k1oHdQCeW_6xOPuc&google_cver=1&gdpr=1&google_hm=2

43 B
1 KB

13ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAGO5U-k1oHdQCeW_6xOPuc&google_cver=1&gdpr=1&google_hm=2
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 13 Dec 2021 14:51:59 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAGO5U-k1oHdQCeW_6xOPuc&google_cver=1&gdpr=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 341
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 69CA
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbdeDr6Zg-VHPqDI-_eGlQAABJMAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbdeDr6Zg-VHPqDI-_eGlQAABJMAAAAB&dcc=t

43 B
645 B

99ms
99ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbdeDr6Zg-VHPqDI-_eGlQAABJMAAAAB&dcc=t

Requested by

Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 5S9A9EW4158AZMA23XV7
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: Z5QY4ASE99SMD1H837JC
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbdeDr6Zg-VHPqDI-_eGlQAABJMAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 sync
ups.analytics.yahoo.com/ups/55940/ Frame 69CA 0
124 B 63ms
11ms Image
text/plain 18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YbdeDr6Zg-VHPqDI-_eGlQAABJMAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame 69CA 0
0 47ms
46ms Image
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H/1.1 200
OK ibs:dpid=23728&dpuuid=YbdeDr6Zg.VHPqDI.-eGlQAA%261171
dpm.demdex.net/ Frame 69CA 0
0 129ms
32ms Image
application/json 54.228.253.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YbdeDr6Zg.VHPqDI.-eGlQAA%261171?gdpr_consent=&us_privacy=&gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.253.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-228-253-216.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 69CA
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5142336719120101289

43 B
991 B

15ms
14ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5142336719120101289
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 13 Dec 2021 14:51:58 GMT

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5142336719120101289
Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 um
u-ams02.e-planning.net/ Frame 69CA 42 B
103 B 17ms
16ms Image
image/gif 46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=99e41df815fd80b4&fi=c15c691fe1cf8b15&uid=YbdeDr6Zg.VHPqDI.-eGlQAA%261171
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dc15c691fe1cf8b15%26uid%3D&s=190243&C=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
server: openresty
content-type: image/gif

GET
H2 204 cmp
spl.zeotap.com/ Frame 888D 0
0 25ms
23ms Document
text/plain 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361&cmp=0
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Response headers

date: Mon, 13 Dec 2021 14:51:58 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://spl.zeotap.com
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6bd0037d0fc0693a-FRA

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5A61
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Y2Y0N2IyN2JlYjhhMGM4NmMxMTlmMTA1NDczYTU2MjlmMGQwNWFlNg
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Y2Y0N2IyN2JlYjhhMGM4NmMxMTlmMTA1NDczYTU2MjlmMGQwNWFlNg&google_tc=

170 B
188 B

93ms
60ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Y2Y0N2IyN2JlYjhhMGM4NmMxMTlmMTA1NDczYTU2MjlmMGQwNWFlNg&google_tc=

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Y2Y0N2IyN2JlYjhhMGM4NmMxMTlmMTA1NDczYTU2MjlmMGQwNWFlNg&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5A61
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g0U080RTUtMjItTDZNRg==
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g0U080RTUtMjItTDZNRg==&google_tc=

170 B
188 B

84ms
59ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g0U080RTUtMjItTDZNRg==&google_tc=

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g0U080RTUtMjItTDZNRg==&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 299
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 5A61 0
0 70ms
20ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 5A61 70 B
264 B 34ms
31ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 5A61
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEN0fgGMv3k0WVXZa4nrvhZU&google_cver=1

0
239 B

10ms
9ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEN0fgGMv3k0WVXZa4nrvhZU&google_cver=1
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEN0fgGMv3k0WVXZa4nrvhZU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 5A61
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&expires=28

0
239 B

38ms
8ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&expires=28
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

Date: Mon, 13 Dec 2021 14:51:58 GMT
Server: MT3 4133 baa842e master zrh-pixel-x13 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&expires=28
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 13 Dec 2021 14:51:57 GMT

GET
H2 503 btu4jd3a
sync-tm.everesttech.net/upi/pid/ Frame 5A61 0
60 B 10ms
7ms Image
text/plain 151.101.2.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:58 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1639407119.913900,VS0,VE0
x-cache: MISS
cache-control: no-cache
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-hhn4059-HHN

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 5A61
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/ocdlAD0y8FEbJ4Hviv1khMn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7765981465656487839

0
239 B

12ms
11ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7765981465656487839
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

date: Mon, 13 Dec 2021 14:51:59 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7765981465656487839
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame E6A2 222 B
649 B 165ms
50ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

b2aee8a51c45e18adbf31c9c228d5dc54d1430c38c9ad1840bae188dc52db4d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame E6A2 107 B
792 B 146ms
45ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame E6A2 107 B
549 B 140ms
48ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4C94 71 KB
26 KB 453ms
360ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407118812&bpp=4&bdt=177&idt=222&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&correlator=430915082853&frm=21&ife=1&pv=2&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=752639538&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=3911216124&scr_x=0&scr_y=0&eid=31063793%2C31063825&oid=2&pvsid=2748366020503080&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.n0bplkaqjacx&fsb=1&xpc=OUrJ6fbcVR&p=https%3A//securityaffairs.co&dtd=245

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3f31f1511c6e170baa35fd0e68b80c55246503f2abfa9cfce349bd7714d8475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 13 Dec 2021 14:51:59 GMT
server: cafe
content-length: 26239
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 13 Dec 2021 14:51:59 GMT
cache-control: private

GET cookie.js
partner.googleadservices.com/gampad/ Frame 54F0 0
0

GET integrator.js
adservice.google.de/adsid/ Frame 54F0 0
0

GET integrator.js
adservice.google.com/adsid/ Frame 54F0 0
0

GET ads
googleads.g.doubleclick.net/pagead/ Frame EB20 0
0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame C3B5 222 B
272 B 120ms
58ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

b861d116700d312124c4f34326956c0293ef45efc14bbd21f554fdc5bb8f9de9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 204
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame C3B5 107 B
165 B 104ms
55ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame C3B5 107 B
165 B 99ms
59ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2

200

afr.php Show response
served-by.pixfuture.com/www/delivery/ Frame 89FD
Redirect Chain

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745092&pi=t.ma~as.Internal_300x250_0._&w=300&fw...
https://served-by.pixfuture.com/www/delivery/afr.php

1 KB
1 KB

96ms
95ms

Document
text/html

68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/afr.php
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: nginx/1.10.3 (Ubuntu)
date: Mon, 13 Dec 2021 14:51:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=172800 public, no-transform
pragma: no-cache
expires: Wed, 15 Dec 2021 14:51:59 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://served-by.pixfuture.com/www/delivery/afr.php
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 13 Dec 2021 14:51:59 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cc.js Show response
tags.crwdcntrl.net/c/15238/ Frame 5A3E 38 KB
11 KB 40ms
8ms Script
application/json 65.9.68.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Requested by: Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.68.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-68-65.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 22:56:14 GMT
content-encoding: gzip
etag: W/"2b2f816f40499d384e118ce88a266e02"
last-modified: Thu, 02 Jul 2020 15:35:12 GMT
server: AmazonS3
age: 57349
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json
via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
cache-control: max-age: 86400
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: dAnbU2iLWwQwaJqfO9t7OLRAC-U3BFlVdzTIiuy57km-_UebUS4oNg==

GET
H2 200 sirdata_03022021.html Show response
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 1430 636 B
577 B 18ms
17ms Document
text/html 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: i.e-planning.net
Software: openresty /
Resource Hash: 14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

server: openresty
date: Mon, 13 Dec 2021 14:51:59 GMT
content-type: text/html
last-modified: Wed, 03 Feb 2021 21:18:20 GMT
etag: W/"601b131c-27c"
expires: Sat, 12 Dec 2026 14:51:59 GMT
cache-control: max-age=157680000
access-control-allow-origin: *
content-encoding: gzip

GET
H/1.1 200
OK setuid Show response
prebidserver.pixfuture.com/ Frame A1C1 0
524 B 303ms
105ms Document
text/html 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com:8000/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AHmF3iijALiurkkB
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 13 Dec 2021 14:51:59 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Pragma: no-cache
Vary: Origin

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame DF07 112 KB
39 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d90858c97f7ef3de60307392e3630e672e72a035900a90a3ab3b4c67f3fa85d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40319
x-xss-protection: 0
server: cafe
etag: 10764621412826571936
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 14:51:59 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 97ms
94ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 15 Dec 2021 14:51:59 GMT

GET
H/1.1 200
OK GS.d Show response
js.cookieless-data.com/ Frame 1430 0
535 B 100ms
34ms Script
text/plain 51.158.28.83
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL

https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1639407119158

Requested by

Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.158.28.83 Paris, France, ASN12876 (Online SAS, FR),

Reverse DNS

51-158-28-83.rev.poneytelecom.eu

Software

nginx/1.11.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
Server: nginx/1.11.3
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
P3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 0
X-Xss-Protection: 0
Expires: Tue, 01 Jan 2000 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ Frame DF07 276 KB
99 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101734
x-xss-protection: 0
server: cafe
etag: 4507154694380913909
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 14:51:59 GMT

GET
H/1.1 200
OK bqi.php
lg3.media.net/ 15 B
15 B 21ms
21ms Image
text/javascript 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&katen=1&pc=100&kata=at2&katbid=-2&kasts=tstype%3D-10401%7C%7Cgbid%3D-2&cme=kMiBrX4urhH86FdqC2bu3qoYqqur-lBdiiC9CZSbGnES9B-uwsrMvYUX2Y5E71aASsvvH6q7bQQWPpfPS2nMytnXOSTo6KXeWi4WBLC8iJcNNjCu6tNkBEGyAeCkdgxYbDD76BV8lqxxIzYt8ZZkPa34f4tx5vTYm8zlRI7AqqjyTmkojVITL8_WsY1kqJwF6Fy4njP13BezscsOZJykHZoqox-A_re2||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|y2SqoJcE0s-9IUO1sSido6Y3VR48iOc4|cMzb_KsVZc09A0KvyT3TfszVCgrhB3BXcLRbpdpd8vDu3TTt_Vw53y8_yDIgkf8xNWz8BVsgon4fqe9DP1pTeY_hzfltDpe8AWXgOOwjgXg=|N7fu2vKt8_s=|QtZ2xRQGHbI_GBZA5zL2Gmw93bXYXi49QAIANiS2fD2Cb8bEOBrNt8QI89V0SpkbUhwD_hmy6XddYFvAKYG9LqW7K2F7KpoSTWJ7oEJH-Q1tkOAZuopxo5imuSJfCfCit7iVaLWS3lxbDTKMcSfm_tMwPfhAtbiOV9eieH-zSh_h34-5w6EvyG3DUbJpHM6CLYte8CuuR3xwbqAaNIJVXDsEy2mgsDtIHY3JZ0nWmdw=|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&vi=1639407117712333202&ugd=4&cc=DE&sc=HE&startTime=1639407117633&l2type=setting&vgd_l1rakh=1639407117172961648&l1ch=1&cref=https%3A%2F%2Ft.co%2F&sttm=1639407117633&upk=1639407118.22680&hvsid=00001639407117626031177838089905&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D2%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D2%26ddepth%3D1&l1hcsd=l1!A32|8179&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=0&l2wsip=2887305234&sethcsd=set!N9%7C8204&vgd_pgid=p0787618973t202112131451&vgd_pgids=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:59 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 13 Dec 2021 14:51:59 GMT

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame DF07 12 B
53 B 101ms
52ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548&cookie=ID%3D29f0cbdf7a8fad8f-2201eceb06cd00fa%3AT%3D1639407119%3ART%3D1639407119%3AS%3DALNI_MaGMixP8prSAyxDQ9t0TNYnfWrj5g

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame DF07 107 B
122 B 99ms
52ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame DF07 107 B
122 B 103ms
54ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A7A3 17 KB
9 KB 406ms
405ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745090&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407119223&bpp=7&bdt=84&idt=101&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&cookie=ID%3D29f0cbdf7a8fad8f-2201eceb06cd00fa%3AT%3D1639407119%3ART%3D1639407119%3AS%3DALNI_MaGMixP8prSAyxDQ9t0TNYnfWrj5g&correlator=430915082853&frm=21&ife=1&pv=1&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=1980667300&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=896&biw=1600&bih=1200&isw=320&ish=50&ifk=3924086883&scr_x=0&scr_y=0&eid=31063858%2C31063866&oid=2&pvsid=4057988921220794&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.9z5nqluhso2i&fsb=1&xpc=N2y8mezyIk&p=https%3A//securityaffairs.co&dtd=106

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3b853e8d7968c1942cb13e283519e52f1cc0c0cbaea74722f62b828980f70f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 13 Dec 2021 14:51:59 GMT
server: cafe
content-length: 9453
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK bqi.php
lg3.media.net/ 15 B
15 B 22ms
22ms Image
text/javascript 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&katen=1&pc=100&kata=at2&katbid=-2&kasts=tstype%3D-10401%7C%7Cgbid%3D-2&cme=wGwlv6HPxP_s0TgKeNOw0K0cs4utmYP60PhCkLzExH_S7dD7jNQtmNyjK9GwS6qGqwnJHuVhpSLbNpBNyuin4aVauMZnSyPLKaAn0rkLWL3fEjJKI8yZ0p7uvO_djmP91uJe9IGIkF0USpmoEztpFNjQ3Z2zjNBOqBiyTQVwr0RPUcTFYeD0j-INelcJE9wiSd4pY9REQ7J2iKgiESfb_jfaUqOA2SdJd5DzBb5louc=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|y2SqoJcE0s-9IUO1sSido6Y3VR48iOc4|cMzb_KsVZc09A0KvyT3TfszVCgrhB3BXcLRbpdpd8vDu3TTt_Vw53y8_yDIgkf8xNWz8BVsgon4fqe9DP1pTeY_hzfltDpe8AWXgOOwjgXg=|N7fu2vKt8_s=|TYQWD74_LH7JGJu1fgBMwDYZsovQZhjxjSeaA_f56dTB55hMghd-HS6mku5U6HchmpL1Ttw9e-MtyN_4Zaba-8YfOXp6GWP_hv7a1ai6WGu2wQet0i3oXDTpoBI0Ej0RmeUn-RIntOTbpTy8xTA821H68H61xkayHCKjdQ6kWvBiX-phtrClUAa97kVn_DKszrkiI8dPDhKxHRmR96ctWZ009J2tYTvx|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&vi=1639407117533436158&ugd=4&cc=DE&sc=HE&startTime=1639407117615&l2type=setting&vgd_l1rakh=1639407117172961648&l1ch=1&cref=https%3A%2F%2Ft.co%2F&sttm=1639407117616&upk=1639407118.22680&hvsid=00001639407117616031177838085349&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A32|8179&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=0&l2wsip=170721339&sethcsd=set!N9%7C8204&vgd_pgid=p0787618973t202112131451&vgd_pgids=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:59 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 13 Dec 2021 14:51:59 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 4C94 3 KB
1 KB 131ms
45ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407118812&bpp=4&bdt=177&idt=222&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&correlator=430915082853&frm=21&ife=1&pv=2&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=752639538&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=3911216124&scr_x=0&scr_y=0&eid=31063793%2C31063825&oid=2&pvsid=2748366020503080&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.n0bplkaqjacx&fsb=1&xpc=OUrJ6fbcVR&p=https%3A//securityaffairs.co&dtd=245

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 13 Dec 2021 14:33:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 13 Dec 2021 14:51:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 13 Dec 2021 14:51:59 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 4C94 1 KB
960 B 146ms
48ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:39:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 739
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Dec 2021 14:39:40 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 4C94 19 KB
8 KB 119ms
38ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:49:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Dec 2021 14:49:47 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 4C94 2 KB
1 KB 129ms
49ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:47:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Dec 2021 14:47:33 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4C94 119 KB
37 KB 173ms
70ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 13 Dec 2021 14:51:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 4C94 15 KB
6 KB 116ms
44ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:26:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1504
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Dec 2021 14:26:55 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4C94 0
0 136ms
48ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRsXImdFuloMB6kK9qzKZ3qtj3lZlm10-prJ0ZVVj0gflkx9C83o1AD5BjfNZlAqZupx-UilDJRHFALrlV0epqTv0tmEg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407118812&bpp=4&bdt=177&idt=222&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&correlator=430915082853&frm=21&ife=1&pv=2&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=752639538&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=3911216124&scr_x=0&scr_y=0&eid=31063793%2C31063825&oid=2&pvsid=2748366020503080&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.n0bplkaqjacx&fsb=1&xpc=OUrJ6fbcVR&p=https%3A//securityaffairs.co&dtd=245
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame 4C94 27 KB
12 KB 127ms
39ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 19:06:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 503118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 07 Mar 2022 19:06:41 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame BE89 281 B
554 B 14ms
14ms Document
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 26 Oct 2021 17:01:05 GMT
ETag: "40019-119-5cf446c48f640"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 13 Dec 2021 14:51:59 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK check.html Show response
biddr.brealtime.com/ Frame 0A19 926 B
1 KB 58ms
19ms Document
text/html 104.17.120.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Date: Mon, 13 Dec 2021 14:51:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: iThDOqIsDS8Lc8XERmO4THti/L0TNokZlU7KZ5ydViHoGsz8wSrXydQlClxKzw+8VZ9YuulUJ7s=
x-amz-request-id: 5S3T1K5V2G9VMX3D
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 5945
Expires: Mon, 13 Dec 2021 14:52:59 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6bd00381992b2c26-FRA
Content-Encoding: gzip

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 049C 14 KB
5 KB 11ms
11ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=81865
expires: Tue, 14 Dec 2021 13:36:24 GMT
date: Mon, 13 Dec 2021 14:51:59 GMT
vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 0FBF 23 KB
8 KB 72ms
72ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C55%2C3012%2C3011%2C3010%2C2040%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C172%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C229%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

557e499768558e33175f530d34630fcee444aa6085e8f8c109fd2698b44add5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=87599
expires: Tue, 14 Dec 2021 15:11:58 GMT
date: Mon, 13 Dec 2021 14:51:59 GMT
content-length: 8228

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 9027 0
0 35ms
34ms Document
text/plain 216.52.2.30
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13480300
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: nginx
Date: Mon, 13 Dec 2021 14:51:59 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap6ams1

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame A549 0
80 B 29ms
23ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/16.221.0
date: Mon, 13 Dec 2021 14:51:59 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 1EF7 14 KB
5 KB 8ms
7ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=81865
expires: Tue, 14 Dec 2021 13:36:24 GMT
date: Mon, 13 Dec 2021 14:51:59 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK check.html Show response
biddr.brealtime.com/ Frame 8030 926 B
1 KB 71ms
38ms Document
text/html 104.17.120.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Date: Mon, 13 Dec 2021 14:51:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: iThDOqIsDS8Lc8XERmO4THti/L0TNokZlU7KZ5ydViHoGsz8wSrXydQlClxKzw+8VZ9YuulUJ7s=
x-amz-request-id: 5S3T1K5V2G9VMX3D
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 5945
Expires: Mon, 13 Dec 2021 14:52:59 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6bd003818d0de00b-FRA
Content-Encoding: gzip

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame F3AE 14 KB
5 KB 8ms
7ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=81865
expires: Tue, 14 Dec 2021 13:36:24 GMT
date: Mon, 13 Dec 2021 14:51:59 GMT
vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 9A41 23 KB
8 KB 67ms
67ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

557e499768558e33175f530d34630fcee444aa6085e8f8c109fd2698b44add5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=87599
expires: Tue, 14 Dec 2021 15:11:58 GMT
date: Mon, 13 Dec 2021 14:51:59 GMT
content-length: 8228

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 22D8 23 KB
8 KB 67ms
67ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

557e499768558e33175f530d34630fcee444aa6085e8f8c109fd2698b44add5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=87599
expires: Tue, 14 Dec 2021 15:11:58 GMT
date: Mon, 13 Dec 2021 14:51:59 GMT
content-length: 8228

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame E13F 0
0 29ms
29ms Document
text/plain 216.52.2.30
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13480300
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: nginx
Date: Mon, 13 Dec 2021 14:51:59 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap6ams1

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 39DC 52 KB
17 KB 35ms
10ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Wed, 08 Dec 2021 02:31:34 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Dec 2021 14:51:59 GMT
Age: 44415
X-Served-By: cache-lga21969-LGA, cache-hhn4075-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 2, 748214
X-Timer: S1639407120.608548,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 7B3A 0
91 B 21ms
21ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/16.221.0
date: Mon, 13 Dec 2021 14:51:59 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 7377 0
80 B 25ms
22ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/16.221.0
date: Mon, 13 Dec 2021 14:51:59 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 01EC 52 KB
17 KB 29ms
7ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Wed, 08 Dec 2021 02:31:34 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Dec 2021 14:51:59 GMT
Age: 44416
X-Served-By: cache-lga21969-LGA, cache-hhn4022-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 2, 751915
X-Timer: S1639407120.608573,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK check.html Show response
biddr.brealtime.com/ Frame 5140 926 B
1 KB 45ms
19ms Document
text/html 104.17.120.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Date: Mon, 13 Dec 2021 14:51:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: iThDOqIsDS8Lc8XERmO4THti/L0TNokZlU7KZ5ydViHoGsz8wSrXydQlClxKzw+8VZ9YuulUJ7s=
x-amz-request-id: 5S3T1K5V2G9VMX3D
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 5945
Expires: Mon, 13 Dec 2021 14:52:59 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6bd00381994405f5-FRA
Content-Encoding: gzip

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame CE71 0
0 335ms
110ms Document
text/plain 67.202.105.23
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip23.67-202-105.static.steadfastdns.net
Software: 33XP003 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

x-33x-status: 2000208
server: 33XP003
date: Mon, 13 Dec 2021 14:51:59 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame EF54 52 KB
17 KB 28ms
8ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Wed, 08 Dec 2021 02:31:34 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Dec 2021 14:51:59 GMT
Age: 44416
X-Served-By: cache-lga21969-LGA, cache-hhn4025-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 2, 749208
X-Timer: S1639407120.608745,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 44E4 52 KB
17 KB 35ms
12ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Wed, 08 Dec 2021 02:31:34 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Dec 2021 14:51:59 GMT
Age: 44415
X-Served-By: cache-lga21969-LGA, cache-hhn4020-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 2, 749152
X-Timer: S1639407120.618150,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 4B53 0
0 53ms
53ms Document
text/plain 216.52.2.30
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13480300
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: nginx
Date: Mon, 13 Dec 2021 14:51:59 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap6ams1

GET
H/1.1 200
OK check.html Show response
biddr.brealtime.com/ Frame 4091 926 B
1 KB 45ms
25ms Document
text/html 104.17.120.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Date: Mon, 13 Dec 2021 14:51:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: iThDOqIsDS8Lc8XERmO4THti/L0TNokZlU7KZ5ydViHoGsz8wSrXydQlClxKzw+8VZ9YuulUJ7s=
x-amz-request-id: 5S3T1K5V2G9VMX3D
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 5945
Expires: Mon, 13 Dec 2021 14:52:59 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6bd003819d2042e1-FRA
Content-Encoding: gzip

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame B8E8 0
80 B 26ms
26ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/16.221.0
date: Mon, 13 Dec 2021 14:51:59 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 5BA0 14 KB
5 KB 8ms
8ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=81865
expires: Tue, 14 Dec 2021 13:36:24 GMT
date: Mon, 13 Dec 2021 14:51:59 GMT
vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 0735 23 KB
8 KB 54ms
54ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

557e499768558e33175f530d34630fcee444aa6085e8f8c109fd2698b44add5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=87599
expires: Tue, 14 Dec 2021 15:11:58 GMT
date: Mon, 13 Dec 2021 14:51:59 GMT
content-length: 8228

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 47C3 0
0 26ms
26ms Document
text/plain 216.52.2.30
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13480300
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: nginx
Date: Mon, 13 Dec 2021 14:51:59 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap6ams1

POST
H2 204 vtr.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 93ms
93ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 15 Dec 2021 14:51:59 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame BE89 32 KB
10 KB 17ms
17ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 5a25de0ee0917c2a760c0d03028e629863026404aa44422f08a98bb63e349378

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 14:51:59 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Dec 2021 17:06:23 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=78214
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9507
Expires: Tue, 14 Dec 2021 12:35:33 GMT

POST
H2 204 vtr.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 93ms
92ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 15 Dec 2021 14:51:59 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1480 143 B
163 B 81ms
36ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407118812&bpp=4&bdt=177&idt=222&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&correlator=430915082853&frm=21&ife=1&pv=2&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=752639538&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=3911216124&scr_x=0&scr_y=0&eid=31063793%2C31063825&oid=2&pvsid=2748366020503080&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.n0bplkaqjacx&fsb=1&xpc=OUrJ6fbcVR&p=https%3A//securityaffairs.co&dtd=245

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 13 Dec 2021 14:02:20 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2979
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame FA01 1 KB
749 B 38ms
37ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 13 Dec 2021 13:26:12 GMT
expires: Tue, 14 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 5147
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 01EC 0
735 B 40ms
13ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 272e5fdd-e529-4664-a013-32b6544611df
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame EF54 0
735 B 41ms
14ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f2a1edc9-c792-4a74-b29c-ae393435a480
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 39DC 0
735 B 66ms
40ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: a069744c-bcdc-47de-8852-476d5aad3ad4
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 44E4 0
735 B 81ms
55ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 21268028-528a-4202-b7a7-8cd21bbfce76
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 4C94 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 70820a30c883b9a4c94a49d2a57a3d0499988dc21f404f38ac450200182f682f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A7A3 42 B
63 B 69ms
69ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B3R89GhY0rheYSCUAPh6vNE8rLHXyS7yqK70_H-eaE_5L2nNNiPGDp8tR4453etX2IejqSPYHuPg6g7z3HDvg_R9PEE9egsa1FgHP38F_wpRGP0Ys

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745090&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407119223&bpp=7&bdt=84&idt=101&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&cookie=ID%3D29f0cbdf7a8fad8f-2201eceb06cd00fa%3AT%3D1639407119%3ART%3D1639407119%3AS%3DALNI_MaGMixP8prSAyxDQ9t0TNYnfWrj5g&correlator=430915082853&frm=21&ife=1&pv=1&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=1980667300&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=896&biw=1600&bih=1200&isw=320&ish=50&ifk=3924086883&scr_x=0&scr_y=0&eid=31063858%2C31063866&oid=2&pvsid=4057988921220794&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.9z5nqluhso2i&fsb=1&xpc=N2y8mezyIk&p=https%3A//securityaffairs.co&dtd=106

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame A7A3 2 KB
1 KB 87ms
39ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:44:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Dec 2021 14:44:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A7A3 119 KB
36 KB 95ms
48ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 13 Dec 2021 14:51:59 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame A7A3 15 KB
6 KB 59ms
37ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:36:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 957
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Dec 2021 14:36:02 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 4C94 21 KB
22 KB 129ms
40ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 18:21:26 GMT
x-content-type-options: nosniff
age: 592233
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 06 Dec 2022 18:21:26 GMT

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 4C94 21 KB
21 KB 164ms
77ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:17:51 GMT
x-content-type-options: nosniff
age: 264848
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 10 Dec 2022 13:17:51 GMT

GET
H/1.1 200
OK bqi.php
lg3.media.net/ 15 B
15 B 15ms
15ms Image
text/javascript 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&katen=1&pc=100&kata=at2&katbid=-2&kasts=tstype%3D-10401%7C%7Cgbid%3D-2&cme=2fwC-SHuSOg3q0rqI-MKsES1wHOwQk_bbOvdt_yU5sI4Dpi10qOEkNkgiqUtZOuWE7Y2IBK1oKs1cLyLmsI0Yf9hQ1BOAwI-DhRhQE3Sw2aqU2LJ0JSDfpx_ikCUfa8Ji11gxp6VK20jJ_phOkxeDZ_UDUPyGja18hj9TijWGLbTYEyoFLkhHTqOyjWay3K_J7MY9Nnvw62NtKqEphnijxJBU7dPpExViw1FWjYhtjA=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|y2SqoJcE0s-9IUO1sSido6Y3VR48iOc4|cMzb_KsVZc09A0KvyT3TfszVCgrhB3BXcLRbpdpd8vDu3TTt_Vw53y8_yDIgkf8xNWz8BVsgon4fqe9DP1pTeY_hzfltDpe8AWXgOOwjgXg=|N7fu2vKt8_s=|ZCOy_GrKeFt4SDO-dl47HAgAEMQZVY5jdzRdd2wpfcwVpz2b5GfXJF1TgpR-CorW4RZEPylc9z1mDD-0egs_q4-2kOljG_2oarK57d4JzS7y65zkyLJ1r9D_yDmGVOQFCVmdfr6Jk3mBFCxgXRD2yDCl5GXumLSAy-IOPWE4LhThbULWIKrY-H_9jARQZJ9fhowm5WS9cbGrieLWXEuBTn8zm3cnlmOe|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&vi=1639407117677767426&ugd=4&cc=DE&sc=HE&startTime=1639407117625&l2type=setting&vgd_l1rakh=1639407117172961648&l1ch=1&cref=https%3A%2F%2Ft.co%2F&sttm=1639407117626&upk=1639407118.22680&hvsid=00001639407117626031177838089905&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A32|8179&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=0&l2wsip=170721634&sethcsd=set!N9%7C8204&vgd_pgid=p0787618973t202112131451&vgd_pgids=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 13 Dec 2021 14:51:59 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 13 Dec 2021 14:51:59 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1D46 624 B
297 B 48ms
48ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARi_6uioATAB&v=APEucNUfwNmNKdJVDOR1cE2ilLamcn_X50oQZ8oLD8gv-gN0NZRlDKTxjnUhfXpbgwp5u-KPkhkSQJRgtO83msQcf_Dj0Gm6Oekvxw-kiyetDR9370jw4k31cIrRR9dAJ8GmLQld1UsqbtclfOcj-n8iQnstKbM1ddw32177OQMxLF5vm8tdTyoKf003jQ1X0gQJQFjesS4tVk7x8mQkE8IxxWp1pXw-lQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745090&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407119223&bpp=7&bdt=84&idt=101&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&cookie=ID%3D29f0cbdf7a8fad8f-2201eceb06cd00fa%3AT%3D1639407119%3ART%3D1639407119%3AS%3DALNI_MaGMixP8prSAyxDQ9t0TNYnfWrj5g&correlator=430915082853&frm=21&ife=1&pv=1&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=1980667300&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=896&biw=1600&bih=1200&isw=320&ish=50&ifk=3924086883&scr_x=0&scr_y=0&eid=31063858%2C31063866&oid=2&pvsid=4057988921220794&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.9z5nqluhso2i&fsb=1&xpc=N2y8mezyIk&p=https%3A//securityaffairs.co&dtd=106

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 13 Dec 2021 14:51:59 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A7A3 77 KB
30 KB 91ms
90ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AVvcEQRGC_ZvdAu9a0DLiPRpE82RrLg7NfQyoki3uzmsApXssGfsuTDbB1_QCtKhlbmkJPnrEKVgTmyQrpq_QUve4hAG8f6Xkvp8lTiGxsy2ySOloABOLkpiH3a0KYaoH0-MKbhlGkEpWrL_wM3-gBw0GqjA&dbm_d=AKAmf-DR2yMqYjpSFyse8dNQwv1ycrTFMiSBcpWCaSqx6dwtEKTv6axV5hzonVG7uD_2ttKlb3x-aZ4Q0LdLjW3vkUXlP8yeWJpxYFg-B9DYBwkAb9HuQ_orzf5byROZ-9xnjX2TBHM2ZyvHKT5-CtMekNMw8oAGs8zzU09oZr0qDvJ36Xd7lLrN7OS8jGFB42fH61pJIMPUfNc5vd9WANBjSZ7Rnc1n7W7PZr7JZZhVzN6qzg-S6lSrvgs8EUwLUUuG905GDo1WXsb7rckP3VX_369dJgLGaRmxYuDn6QCI3dcS4GPLQ-rPHcIcYQaBGuCY3FVfXC4n8f3quH_Uln9_FCQdUXnu-7zDG_fflMWiu-4HArvVIXw2m9bNcJp8UUdA72X3goZSTN4iLqSnEI14wgvKWu7Z5wKJ8STzpos3ra_7ZjO9h2GZmJAHXC3fzE078SQyILKt-vSBr1SWHG65POAwMhQutnV9kp3xlCtqgad6PnJ_YX4lQsccO69xDmGKEYXmDGWCsfe6SiUNCuOBzr8shADmvYtRjuf7ZEynouPjZxOGV6IQkwRqzFYEtbrb4YFaLO0nLq_ofU3fE0xXpeYtWVxYl5CAX-5doI_is6QgKk8b5wECepuRsxqlhCVtYdFpPnAGV3iUnIpmkEWNgCUIDxgEsnSNtfcGxn-wrYrhOQuJbB0nfLui2yfNVlDWK04t_i1VTu9hEK5EygFNZXgs58WcJhL24W54iFt_1BE96eQFYQBv7MJZ6ioMzmMvCtPBg5TgaktLz5AC2RHhqv0cwOKJwLPhsfySJFbGYN35eyJEdZPe9nCC5VCigofqPcov8JEpG2LzlmBqMNq0LwBam1VNzMOUqILjhrhCO3HaIaYzJ6ZosFxzkD2DUUg4OLBq1owW0blbJMAUwYnVYwYwANQ5Hu2I73WhHqVoJIA_V1eVmTzOOKszyCeGqQ591494deOrW71FDbxlVAWMsTt25wW7BDgV9MaaMpeMlmKONsQl6VHKDUtzCu7oNh04i_zq1cjV1A8YIdbdoP46njZM0tWs6iU0Y7HLJ9wdt8oxExMVhsSl1IQB4ASiewDG4luv3Y1SeFlNceALXeltoP2R2eFUTU-yK00X2C76RVz09mljdOupgCXBbgMDOmfXMOPy_afluhirabtNYogVEyjE01zN8xRW_3s345ehOmeHpQybzmIUY9fG1MH0SmqO5w1wbhAGQ7UljriCzhvDWx8uRfUF5UiZaZ_vOoBm26mOMVVr7RZSV71axmMSU-Nu46urBysMgR2c7rxizCSWiz-fmF_t1cjAxuTuV1mSaO_gZAWxnmbsgN_1DnsxHQ4goIdIdeD4OP5PEs_Roowvv9_g56YldxhqcKgleUJs2fvDBEhMxOBH0yXv8Y_T7q5jlbaa3QcFeraWVShxuVLskJoidFyxnzd7tmy8smxQVvEKWIiiYDvcNFCcuCW_qBwU2Fd1Jy6z6UrZuar5sRs9z8bN34o72QwcV2oYs7C_jSZnZzzriPTQ6XtNoAleT8sh8NlfwAr9X0B-ehlujNmT9ys1IEVT_LrjRCFePzSTLLJutgNga2CyGYICAQNeK8z46VcLPXzdekgtCXQw_ZDc1DQX1c5ZrtBdNTSW6l62myG1TNOjcIDn2WxhzxsLaZBTUjUVjTr261ZS24a-8LFMbiaXvO8hfWlfieu1mrUwbR7KgvuXmRSw7ZPy5jMX3L5vpq4mAOtcsSc9c05XmMQUHAMEwjGjIZHTO2nbhsVukDCzp6kNj6aP685gEG5WuievMnZMRri_Q39niQ1fDIGysJpprvPwlUXtS92tnuhtdD1fVJNPCRonmG1yOX8YAH-3BSWaLbPqPOx0R6-R3SjZx3bo1z1jcZ1hIfCb-i9U_1y_ekIrkFawcOvE49Ttso7N_zJG9EYwSvOh11dlc_ZzIpt9wF91V_4Qr56kaMBRdpe53dHp6G9gLESwU9pmoPcl6j__q9WIbUZjCy8GwPEvUInMBxNMQRV2xpvHPK5j2os_HoYSzxLMVBB3cKFcz_EJLZkSOTbz4foF691iQNPcX-kVRvYxZIWP97xiwa-_b74i1V5re4ui-wByaAd2X-PTeQ7YAisfpbnpVE7oGrXlMzEVmBn9gWD4sGjHEN-1yVEnAqERHU_MzRTclhePC3rHDSrPvcSLp1jScNTT3kWnGh4Jj8zO60f-RSd2MHqoT6t_S0Zb3LhsidyEZW0-kQdlsBvPKhtJZeQC2HgZ-Q77ET967-f79I8Zy74AwcnKhKpDDwweY0qSIj4JWAsQE8WHn7oqwwJG8d9ib_4P6St4Qn7Mph_rruONZmfJTVi0aanzWo_I5EbmMpUdbXv_3v9NadNKMcEuzQsUJvmA2dO09hSls_e59JOESVNf3tOXp3EnpGVtv8pJZFAKIEs1Tj7Byae1taSyLtlZ-kLw2WzpFwjtDx-3Qdjui0ITql8pvGW49tlrNbeCQboe9C_M4FPJuKP0R0jo2lV1dOIiXlNCFCXUp2oHx__fybVFpGb8eLlEZN9xfObrrGrkLHFe8d7e_OfHLNMJ_Ka2qpwSPbn9AXvB3FAxpfrfSAsjbR59_6r6D7A2ASnpxcvqcLiHnmbkcWPJMICAV6EBGGLnw4pFjfaeBJV45jX5Ye30ws4VZmHfTGCyOqkjN4UpB2Pd5nRzEfRWA2iZ3e6zFC8twLAmtkKxGMGUZBa_o9p7XHeJGGc_brabsLIGusI7KfWDPR7wPSb9LjBMr_CxCw6iBMx4G5g0tpByyTUiqf3Sz0y4o6sV6G9K3ccFlI9HexghC4HHdm85lrRxL8Zv4MR8orB4sSznlf04sIwN9QTgY7ru0PsLc5Awv393eLjb9H93wARMTghQfKdn_71csr_ZMISdTMZB5RLdL1p7ram-sxemMJW_09zyaK1d5tR65-KrW9k-jCjwIoZ7sK2P1dlOGoZSA4WsO3szEcszLeraAyAiU73XMYsBguY8IawihWDMpFHt4OIYlQHGvmeukUYjMczqAS8M96SgTRNDBFiAln09AzU57nE_6ORZg9FdCX4ZCW4DGKEhEZzD&cid=CAASEuRopWpksQyJ5f8G_yc_wZhjuA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f8e10bbeee75f4a9aca7f8f1a343c277f266045692091f79fd21b790cb9a212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745090&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407119223&bpp=7&bdt=84&idt=101&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&cookie=ID%3D29f0cbdf7a8fad8f-2201eceb06cd00fa%3AT%3D1639407119%3ART%3D1639407119%3AS%3DALNI_MaGMixP8prSAyxDQ9t0TNYnfWrj5g&correlator=430915082853&frm=21&ife=1&pv=1&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=1980667300&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=896&biw=1600&bih=1200&isw=320&ish=50&ifk=3924086883&scr_x=0&scr_y=0&eid=31063858%2C31063866&oid=2&pvsid=4057988921220794&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.9z5nqluhso2i&fsb=1&xpc=N2y8mezyIk&p=https%3A//securityaffairs.co&dtd=106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31140
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C3B5 11 KB
8 KB 94ms
50ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211207&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

164ee662cc53430214d9f1ab3c8135a1026c568649de2dea2a29d5fd16bff6f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 14:51:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8388
x-xss-protection: 0

GET
H/1.1 200 ptrack Show response
a.audrte.com/ Frame 5A3E 368 B
879 B 115ms
115ms XHR
text/plain 3.228.116.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.audrte.com/ptrack?arlocation=185.213.155.162&p=M1353665098&artime=2021-12-13T14:51:59.895Z&arlocation=YWRzLnVzLmUtcGxhbm5pbmcubmV0L3VzcGQvMT9jdD0xJmR1PWh0dHBzJTNBJTJGJTJGcHJlYmlkc2VydmVyLnBpeGZ1dHVyZS5jb20lM0E4MDAwJTJGc2V0dWlkJTNGYmlkZGVyJTNEZXBsYW5uaW5nJTI2Z2RwciUzRCUyNmdkcHJfY29uc2VudCUzRCUyNmYlM0RiJTI2dWlkJTNEJTI0VUlE&gdpr=0&gdpr_consent=null&gdpr_version=1&arreferer=c2VjdXJpdHlhZmZhaXJzLmNvLw==
Requested by: Host: a.audrte.com
URL: https://a.audrte.com/ptag?p=M1353665098
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.228.116.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-228-116-73.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 15d9da2cea018c2a9187c35a9982dd67faf17a0d415961a88c94b2b90e1f09ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 14:51:59 GMT
Content-Encoding: gzip
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/plain;charset=UTF-8
Access-Control-Allow-Origin: https://ads.us.e-planning.net
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 262

GET
H/1.1

200
OK

setuid
prebidserver.pixfuture.com/
Redirect Chain

https://pixfuture-inv-nyc.admixer.net/adxcm.aspx?gdpr=&gdpr_consent=&us_privacy=&redir=1&rurl=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Dadmixeropenrtb%26gdpr%3D%26gdpr_con...
https://prebidserver.pixfuture.com:8000/setuid?bidder=admixeropenrtb&gdpr=&gdpr_consent=&f=i&uid=7e215b60286842349376b570ea57da0d

86 B
747 B

104ms
103ms

Image
image/png

157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebidserver.pixfuture.com:8000/setuid?bidder=admixeropenrtb&gdpr=&gdpr_consent=&f=i&uid=7e215b60286842349376b570ea57da0d
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: HTTP/1.1
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:52:00 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 86
Expires: 0

Redirect headers

Date: Mon, 13 Dec 2021 14:52:00 GMT
Server: nginx
Access-Control-Allow-Origin: *
P3p: CP="NID DSP ALL COR"
Location: https://prebidserver.pixfuture.com:8000/setuid?bidder=admixeropenrtb&gdpr=&gdpr_consent=&f=i&uid=7e215b60286842349376b570ea57da0d
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=25
Content-Length: 0
X-Xss-Protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame FA01 35 B
365 B 18ms
10ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEH2aY4cMpQgyYu9_wLRGeI0&google_cver=1&google_push=AYg5qPKJRlTzNLTyH86EVUoXiHmjV2RJ8KuXqBD_Kwl6X_kcZhHUhX8oHIKFn99ROy0Wsu_GOTOyNpfC5Yzeq8l46smtwQb2NWrWfA

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FA01
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEBX1_-BAVI0wt_EPW7Aeg0c&google_cver=1&google_push=AYg5qPKywRWpmZqIA8B60S4s3pCyMbCPaTONdkMoEYDng3wPH8haxMoJ6zENTto7qNbOvG1LiWdOnWpwMOa0nR...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA0MTE5OTk1NjY5MDcyOTExMg%3D%3D&google_push=AYg5qPKywRWpmZqIA8B60S4s3pCyMbCPaTONdkMoEYDng3wPH8haxMoJ6zENTto7qNbOvG1LiWdOnWpwMOa0nRtuHr...

170 B
188 B

48ms
48ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA0MTE5OTk1NjY5MDcyOTExMg%3D%3D&google_push=AYg5qPKywRWpmZqIA8B60S4s3pCyMbCPaTONdkMoEYDng3wPH8haxMoJ6zENTto7qNbOvG1LiWdOnWpwMOa0nRtuHrWsDAqro-_BZg

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA0MTE5OTk1NjY5MDcyOTExMg%3D%3D&google_push=AYg5qPKywRWpmZqIA8B60S4s3pCyMbCPaTONdkMoEYDng3wPH8haxMoJ6zENTto7qNbOvG1LiWdOnWpwMOa0nRtuHrWsDAqro-_BZg
Date: Mon, 13 Dec 2021 14:51:59 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FA01
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEPaRYL4sK96l-ki26SYxMpw&google_cver=1&google_push=AYg5qPK5pAo2eLE_6syZYYCEmCwb3a6dn4KIlw_shrsVbeA3F0uDn3ATCOQoT...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEPaRYL4sK96l-ki26SYxMpw&google_cver=1&google_push=AYg5qPK5pAo2eLE_6syZYYCEmCwb3a6dn4KIlw_shrsVbeA3F0uDn3ATCOQoT...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=cJLLszGq1ob5gbhX8s_iMg&google_push=AYg5qPK5pAo2eLE_6syZYYCEmCwb3a6dn4KIlw_shrsVbeA3F0uDn3ATCOQoTq-Qf9VNpZ2kyHrigxMZM...

170 B
188 B

52ms
51ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=cJLLszGq1ob5gbhX8s_iMg&google_push=AYg5qPK5pAo2eLE_6syZYYCEmCwb3a6dn4KIlw_shrsVbeA3F0uDn3ATCOQoTq-Qf9VNpZ2kyHrigxMZMCsF4X888qZ_uE9ysPlrtA

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 13 Dec 2021 14:52:00 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=cJLLszGq1ob5gbhX8s_iMg&google_push=AYg5qPK5pAo2eLE_6syZYYCEmCwb3a6dn4KIlw_shrsVbeA3F0uDn3ATCOQoTq-Qf9VNpZ2kyHrigxMZMCsF4X888qZ_uE9ysPlrtA
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 240

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FA01
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bWmIfJM2RayCmr2MkZLN3g%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

49ms
48ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bWmIfJM2RayCmr2MkZLN3g%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKsi7uou0y7VfLnEYB9IjJ-o5VP81xE62OqgKV6pV0W8LpRy7FXwawgm14ZTHxtNaKOwc5bgQgIS6XvERgR3lq8DQ_ZWjCZGA

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bWmIfJM2RayCmr2MkZLN3g%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKsi7uou0y7VfLnEYB9IjJ-o5VP81xE62OqgKV6pV0W8LpRy7FXwawgm14ZTHxtNaKOwc5bgQgIS6XvERgR3lq8DQ_ZWjCZGA
date: Mon, 13 Dec 2021 14:51:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FA01
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEEXw4Qb8BJSD8_cn9O79i14&google_cver=1&google_push=AYg5qPKNFLtGeFj1F7hVi19i71iXS0Eop1c2m5ajOhgMS_Y-QuDAXjfgJwKFULmM7HuAPiTmxsYNqJz0RIDE4_i...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=K9kruCFkQVduyzWEf6gP87nVm6I&google_push=AYg5qPKNFLtGeFj1F7hVi19i71iXS0Eop1c2m5ajOhgMS_Y-QuDAXjfgJwKFULmM7HuAPiTmxsYNqJz0RIDE4_...

170 B
188 B

49ms
49ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=K9kruCFkQVduyzWEf6gP87nVm6I&google_push=AYg5qPKNFLtGeFj1F7hVi19i71iXS0Eop1c2m5ajOhgMS_Y-QuDAXjfgJwKFULmM7HuAPiTmxsYNqJz0RIDE4_ipSyu1ugUo1OXt

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=K9kruCFkQVduyzWEf6gP87nVm6I&google_push=AYg5qPKNFLtGeFj1F7hVi19i71iXS0Eop1c2m5ajOhgMS_Y-QuDAXjfgJwKFULmM7HuAPiTmxsYNqJz0RIDE4_ipSyu1ugUo1OXt
Date: Mon, 13 Dec 2021 14:51:59 GMT
Connection: keep-alive
Content-Length: 242
Content-Type: text/html; charset=utf-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FA01
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHt3q0YJNVqxTYCSXXfkUOE&google_cver=1&google_push=AYg5qPJUT83xyenRBT5XMe5WROyWgQ5nvj2LapnNSpHeLmxtimBIigF0Sne-xqOEILS65MfoHp4...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g0U080RTUtMjItTDZNRg==&google_push=AYg5qPJUT83xyenRBT5XMe5WROyWgQ5nvj2LapnNSpHeLmxtimBIigF0Sne-xqOEILS65MfoHp4Cre_un7JmvlPpHNUombTmja-nGQ

170 B
188 B

48ms
48ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g0U080RTUtMjItTDZNRg==&google_push=AYg5qPJUT83xyenRBT5XMe5WROyWgQ5nvj2LapnNSpHeLmxtimBIigF0Sne-xqOEILS65MfoHp4Cre_un7JmvlPpHNUombTmja-nGQ

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g0U080RTUtMjItTDZNRg==&google_push=AYg5qPJUT83xyenRBT5XMe5WROyWgQ5nvj2LapnNSpHeLmxtimBIigF0Sne-xqOEILS65MfoHp4Cre_un7JmvlPpHNUombTmja-nGQ
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET
H/1.1

200

1.gif
id5-sync.com/c/495/0/0/ Frame FA01
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEAZoeKdH-hTKTejVCokPM-A&google_cver=1&google_push=AYg5qPKKxLA3m1blqcpbZRmcUuX3X68Z3TfImk-YfcboW9g467YMYFGX7Zk1vWPZE9EALyFlJqSqhVl_Sry1zcAruejf7XRKaUepTVE
https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26gdpr_consent%3D%26gdpr%3D&gdpr_consent=&gdpr=
https://id5-sync.com/c/495/0/0/1.gif?gdpr=1&gdpr_consent=

43 B
1009 B

9ms
9ms

Image
image/gif

51.75.146.199
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/c/495/0/0/1.gif?gdpr=1&gdpr_consent=

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

HTTP/1.1

Server

51.75.146.199 , France, ASN16276 (OVH, FR),

Reverse DNS

p12.id5-sync.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 14:51:53 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

Redirect headers

Location: https://id5-sync.com/c/495/0/0/1.gif?gdpr=1&gdpr_consent=
Date: Mon, 13 Dec 2021 14:51:53 GMT
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame FA01 0
12 B 48ms
47ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kj4Mms2g4D39vOhXKomaIdI6uBN13FEnCxqN2awITuQCYWhOukDa7S3u5K8IfCcSdKXMamsA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1480
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

89ms
89ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 13 Dec 2021 14:52:00 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 13 Dec 2021 14:52:00 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 13 Dec 2021 14:52:00 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1D46
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENaIhVBelTsSWf61r3bGTf8&google_cver=1

43 B
1018 B

21ms
20ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENaIhVBelTsSWf61r3bGTf8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARi_6uioATAB&v=APEucNUfwNmNKdJVDOR1cE2ilLamcn_X50oQZ8oLD8gv-gN0NZRlDKTxjnUhfXpbgwp5u-KPkhkSQJRgtO83msQcf_Dj0Gm6Oekvxw-kiyetDR9370jw4k31cIrRR9dAJ8GmLQld1UsqbtclfOcj-n8iQnstKbM1ddw32177OQMxLF5vm8tdTyoKf003jQ1X0gQJQFjesS4tVk7x8mQkE8IxxWp1pXw-lQ
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:52:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 13 Dec 2021 14:52:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENaIhVBelTsSWf61r3bGTf8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1D46
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbdeDr6Zg.VHPqDI.-eGlQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENaIhVBelTsSWf61r3bGTf8&google_cver=1&google_hm=2

43 B
1 KB

20ms
20ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENaIhVBelTsSWf61r3bGTf8&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARi_6uioATAB&v=APEucNUfwNmNKdJVDOR1cE2ilLamcn_X50oQZ8oLD8gv-gN0NZRlDKTxjnUhfXpbgwp5u-KPkhkSQJRgtO83msQcf_Dj0Gm6Oekvxw-kiyetDR9370jw4k31cIrRR9dAJ8GmLQld1UsqbtclfOcj-n8iQnstKbM1ddw32177OQMxLF5vm8tdTyoKf003jQ1X0gQJQFjesS4tVk7x8mQkE8IxxWp1pXw-lQ
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:52:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 13 Dec 2021 14:52:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENaIhVBelTsSWf61r3bGTf8&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 1D46
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECelUDk-EL8H9V0RTpZOx88&google_cver=1

43 B
1008 B

17ms
16ms

Image
image/gif

185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECelUDk-EL8H9V0RTpZOx88&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARi_6uioATAB&v=APEucNUfwNmNKdJVDOR1cE2ilLamcn_X50oQZ8oLD8gv-gN0NZRlDKTxjnUhfXpbgwp5u-KPkhkSQJRgtO83msQcf_Dj0Gm6Oekvxw-kiyetDR9370jw4k31cIrRR9dAJ8GmLQld1UsqbtclfOcj-n8iQnstKbM1ddw32177OQMxLF5vm8tdTyoKf003jQ1X0gQJQFjesS4tVk7x8mQkE8IxxWp1pXw-lQ

Protocol

HTTP/1.1

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:52:00 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 50fdec9a-9317-4f53-a117-e1b395f9a4a2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECelUDk-EL8H9V0RTpZOx88&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1D46
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3Nzc1MTcyMDA2NDc1MDk1OA%3D%3D

170 B
188 B

56ms
56ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3Nzc1MTcyMDA2NDc1MDk1OA%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:51:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:51:59 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: ed705566-c5ed-4315-85d2-70ec799a0b47
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3Nzc1MTcyMDA2NDc1MDk1OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame A7A3 169 KB
59 KB 130ms
42ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: t.co
URL: https://t.co/MBE9JJENv7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 15:45:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83172
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 13 Dec 2021 15:45:48 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame A7A3 8 KB
3 KB 52ms
49ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AVvcEQRGC_ZvdAu9a0DLiPRpE82RrLg7NfQyoki3uzmsApXssGfsuTDbB1_QCtKhlbmkJPnrEKVgTmyQrpq_QUve4hAG8f6Xkvp8lTiGxsy2ySOloABOLkpiH3a0KYaoH0-MKbhlGkEpWrL_wM3-gBw0GqjA&dbm_d=AKAmf-DR2yMqYjpSFyse8dNQwv1ycrTFMiSBcpWCaSqx6dwtEKTv6axV5hzonVG7uD_2ttKlb3x-aZ4Q0LdLjW3vkUXlP8yeWJpxYFg-B9DYBwkAb9HuQ_orzf5byROZ-9xnjX2TBHM2ZyvHKT5-CtMekNMw8oAGs8zzU09oZr0qDvJ36Xd7lLrN7OS8jGFB42fH61pJIMPUfNc5vd9WANBjSZ7Rnc1n7W7PZr7JZZhVzN6qzg-S6lSrvgs8EUwLUUuG905GDo1WXsb7rckP3VX_369dJgLGaRmxYuDn6QCI3dcS4GPLQ-rPHcIcYQaBGuCY3FVfXC4n8f3quH_Uln9_FCQdUXnu-7zDG_fflMWiu-4HArvVIXw2m9bNcJp8UUdA72X3goZSTN4iLqSnEI14wgvKWu7Z5wKJ8STzpos3ra_7ZjO9h2GZmJAHXC3fzE078SQyILKt-vSBr1SWHG65POAwMhQutnV9kp3xlCtqgad6PnJ_YX4lQsccO69xDmGKEYXmDGWCsfe6SiUNCuOBzr8shADmvYtRjuf7ZEynouPjZxOGV6IQkwRqzFYEtbrb4YFaLO0nLq_ofU3fE0xXpeYtWVxYl5CAX-5doI_is6QgKk8b5wECepuRsxqlhCVtYdFpPnAGV3iUnIpmkEWNgCUIDxgEsnSNtfcGxn-wrYrhOQuJbB0nfLui2yfNVlDWK04t_i1VTu9hEK5EygFNZXgs58WcJhL24W54iFt_1BE96eQFYQBv7MJZ6ioMzmMvCtPBg5TgaktLz5AC2RHhqv0cwOKJwLPhsfySJFbGYN35eyJEdZPe9nCC5VCigofqPcov8JEpG2LzlmBqMNq0LwBam1VNzMOUqILjhrhCO3HaIaYzJ6ZosFxzkD2DUUg4OLBq1owW0blbJMAUwYnVYwYwANQ5Hu2I73WhHqVoJIA_V1eVmTzOOKszyCeGqQ591494deOrW71FDbxlVAWMsTt25wW7BDgV9MaaMpeMlmKONsQl6VHKDUtzCu7oNh04i_zq1cjV1A8YIdbdoP46njZM0tWs6iU0Y7HLJ9wdt8oxExMVhsSl1IQB4ASiewDG4luv3Y1SeFlNceALXeltoP2R2eFUTU-yK00X2C76RVz09mljdOupgCXBbgMDOmfXMOPy_afluhirabtNYogVEyjE01zN8xRW_3s345ehOmeHpQybzmIUY9fG1MH0SmqO5w1wbhAGQ7UljriCzhvDWx8uRfUF5UiZaZ_vOoBm26mOMVVr7RZSV71axmMSU-Nu46urBysMgR2c7rxizCSWiz-fmF_t1cjAxuTuV1mSaO_gZAWxnmbsgN_1DnsxHQ4goIdIdeD4OP5PEs_Roowvv9_g56YldxhqcKgleUJs2fvDBEhMxOBH0yXv8Y_T7q5jlbaa3QcFeraWVShxuVLskJoidFyxnzd7tmy8smxQVvEKWIiiYDvcNFCcuCW_qBwU2Fd1Jy6z6UrZuar5sRs9z8bN34o72QwcV2oYs7C_jSZnZzzriPTQ6XtNoAleT8sh8NlfwAr9X0B-ehlujNmT9ys1IEVT_LrjRCFePzSTLLJutgNga2CyGYICAQNeK8z46VcLPXzdekgtCXQw_ZDc1DQX1c5ZrtBdNTSW6l62myG1TNOjcIDn2WxhzxsLaZBTUjUVjTr261ZS24a-8LFMbiaXvO8hfWlfieu1mrUwbR7KgvuXmRSw7ZPy5jMX3L5vpq4mAOtcsSc9c05XmMQUHAMEwjGjIZHTO2nbhsVukDCzp6kNj6aP685gEG5WuievMnZMRri_Q39niQ1fDIGysJpprvPwlUXtS92tnuhtdD1fVJNPCRonmG1yOX8YAH-3BSWaLbPqPOx0R6-R3SjZx3bo1z1jcZ1hIfCb-i9U_1y_ekIrkFawcOvE49Ttso7N_zJG9EYwSvOh11dlc_ZzIpt9wF91V_4Qr56kaMBRdpe53dHp6G9gLESwU9pmoPcl6j__q9WIbUZjCy8GwPEvUInMBxNMQRV2xpvHPK5j2os_HoYSzxLMVBB3cKFcz_EJLZkSOTbz4foF691iQNPcX-kVRvYxZIWP97xiwa-_b74i1V5re4ui-wByaAd2X-PTeQ7YAisfpbnpVE7oGrXlMzEVmBn9gWD4sGjHEN-1yVEnAqERHU_MzRTclhePC3rHDSrPvcSLp1jScNTT3kWnGh4Jj8zO60f-RSd2MHqoT6t_S0Zb3LhsidyEZW0-kQdlsBvPKhtJZeQC2HgZ-Q77ET967-f79I8Zy74AwcnKhKpDDwweY0qSIj4JWAsQE8WHn7oqwwJG8d9ib_4P6St4Qn7Mph_rruONZmfJTVi0aanzWo_I5EbmMpUdbXv_3v9NadNKMcEuzQsUJvmA2dO09hSls_e59JOESVNf3tOXp3EnpGVtv8pJZFAKIEs1Tj7Byae1taSyLtlZ-kLw2WzpFwjtDx-3Qdjui0ITql8pvGW49tlrNbeCQboe9C_M4FPJuKP0R0jo2lV1dOIiXlNCFCXUp2oHx__fybVFpGb8eLlEZN9xfObrrGrkLHFe8d7e_OfHLNMJ_Ka2qpwSPbn9AXvB3FAxpfrfSAsjbR59_6r6D7A2ASnpxcvqcLiHnmbkcWPJMICAV6EBGGLnw4pFjfaeBJV45jX5Ye30ws4VZmHfTGCyOqkjN4UpB2Pd5nRzEfRWA2iZ3e6zFC8twLAmtkKxGMGUZBa_o9p7XHeJGGc_brabsLIGusI7KfWDPR7wPSb9LjBMr_CxCw6iBMx4G5g0tpByyTUiqf3Sz0y4o6sV6G9K3ccFlI9HexghC4HHdm85lrRxL8Zv4MR8orB4sSznlf04sIwN9QTgY7ru0PsLc5Awv393eLjb9H93wARMTghQfKdn_71csr_ZMISdTMZB5RLdL1p7ram-sxemMJW_09zyaK1d5tR65-KrW9k-jCjwIoZ7sK2P1dlOGoZSA4WsO3szEcszLeraAyAiU73XMYsBguY8IawihWDMpFHt4OIYlQHGvmeukUYjMczqAS8M96SgTRNDBFiAln09AzU57nE_6ORZg9FdCX4ZCW4DGKEhEZzD&cid=CAASEuRopWpksQyJ5f8G_yc_wZhjuA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Dec 2021 14:51:43 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame A7A3 24 KB
9 KB 49ms
47ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:47:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Dec 2021 14:47:22 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C3B5 17 KB
6 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Mon, 13 Dec 2021 14:52:00 GMT

GET
H/1.1

200
OK

match
ps.eyeota.net/ Frame 5A3E
Redirect Chain

https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent=
https://a.audrte.com/a?adform_uid=686955697831082021
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=&google_gid=CAESEFUsCklILvDj4eQX0EPGVH8&google_cver=1
https://ps.eyeota.net/match?bid=kh51m51&uid=c2hPhaoFXkyQbG-mHz7ZBzgWQ&gdpr=0&gdpr_consent=

0
344 B

34ms
33ms

Image
text/plain

52.57.150.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=kh51m51&uid=c2hPhaoFXkyQbG-mHz7ZBzgWQ&gdpr=0&gdpr_consent=
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: HTTP/1.1
Server: 52.57.150.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-150-20.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 14:52:00 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Date: Mon, 13 Dec 2021 14:52:00 GMT
Server: nginx/1.18.0
Access-Control-Allow-Origin: *
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Location: https://ps.eyeota.net/match?bid=kh51m51&uid=c2hPhaoFXkyQbG-mHz7ZBzgWQ&gdpr=0&gdpr_consent=
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK pixel
ps.eyeota.net/ Frame 5A3E 1 KB
1 KB 49ms
8ms Image
text/plain 52.57.150.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=c2hPhaoFXkyQbG-mHz7ZBzgWQ&gdpr=0&gdpr_consent=
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.57.150.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-150-20.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 14:52:00 GMT
Content-Length: 1241
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1

200

p
a.audrte.com/ Frame 5A3E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=c2hPhaoFXkyQbG-mHz7ZBzgWQ&gdpr=0&gdpr_consent=
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=c2hPhaoFXkyQbG-mHz7ZBzgWQ&gdpr=0&gdpr_consent=&google_gid=CAESEFUsCklILvDj4eQX0EPGVH8&google_cver=1
https://a.audrte.com/p

68 B
617 B

102ms
102ms

Image
image/png

3.228.116.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: HTTP/1.1
Server: 3.228.116.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-228-116-73.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 14:52:00 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Mon, 13 Dec 2021 14:52:00 GMT
Server: nginx/1.18.0
Access-Control-Allow-Origin: *
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A7A3 41 KB
15 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 23:38:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54822
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 12 Dec 2022 23:38:18 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7C49 1 KB
749 B 43ms
42ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 13 Dec 2021 13:26:12 GMT
expires: Tue, 14 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 5148
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A7A3 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9f77f8ef7689073738785568e658a01838e979fa60e7c6874cc91f7279cd95a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6F1F 13 KB
5 KB 43ms
42ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Mon, 13 Dec 2021 14:39:47 GMT
expires: Tue, 13 Dec 2022 14:39:47 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 733
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame FC08 783 B
533 B 47ms
46ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4f3c7931a5cffd675d3e3e5619e93b5ae79170492bc2f7551e1280167942f09e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AjAn1APNdmmsy4+QEGrdQw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 13 Dec 2021 14:52:00 GMT
date: Mon, 13 Dec 2021 14:52:00 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-AjAn1APNdmmsy4+QEGrdQw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D1E1 22 KB
8 KB 43ms
42ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Sun, 12 Dec 2021 23:38:39 GMT
expires: Mon, 12 Dec 2022 23:38:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 54801
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7C49
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEIa0u0wTgOsj0aW5P2rILlg&google_cver=1&google_push=AYg5qPIm85TgIJ7sVrwXt5YgkuJzRifj49Hx6B5d-h2tUoHJNxxe7rsbk4WQKhCuWdAgSHj2trZad_yf3YndPawXBsZL8zemtw
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFF88AA1811B4641851BEAA2ED49BFE9&google_push=AYg5qPIm85TgIJ7sVrwXt5YgkuJzRifj49Hx6B5d-h2tUoHJNxxe7rsbk4WQKhCuWdAgSHj2trZad_yf3YndPaw...

170 B
188 B

50ms
49ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFF88AA1811B4641851BEAA2ED49BFE9&google_push=AYg5qPIm85TgIJ7sVrwXt5YgkuJzRifj49Hx6B5d-h2tUoHJNxxe7rsbk4WQKhCuWdAgSHj2trZad_yf3YndPawXBsZL8zemtw

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 13 Dec 2021 14:52:00 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFF88AA1811B4641851BEAA2ED49BFE9&google_push=AYg5qPIm85TgIJ7sVrwXt5YgkuJzRifj49Hx6B5d-h2tUoHJNxxe7rsbk4WQKhCuWdAgSHj2trZad_yf3YndPawXBsZL8zemtw
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Sun, 12 Dec 2021 14:52:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7C49
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEEbDOjsaM9IVe6Audfx02vk&google_cver=1&google_push=AYg5qPK5-39IHsipK9Lfys44soV7xpXuWk2_2VWIwqR_2Yzagfg1-j0cc4S1LFTeSr5ooEFfGfAEO...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPK5-39IHsipK9Lfys44soV7xpXuWk2_2VWIwqR_2Yzagfg1-j0cc4S1LFTeSr5ooEFfGfAEOUMuKbHDnuadqMzTMEs5eaE

170 B
188 B

52ms
51ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPK5-39IHsipK9Lfys44soV7xpXuWk2_2VWIwqR_2Yzagfg1-j0cc4S1LFTeSr5ooEFfGfAEOUMuKbHDnuadqMzTMEs5eaE

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 13 Dec 2021 14:51:59 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: E6A3BBAA225E4EF79F5E21BE083B2AD3 Ref B: VIEEDGE2521 Ref C: 2021-12-13T14:52:00Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPK5-39IHsipK9Lfys44soV7xpXuWk2_2VWIwqR_2Yzagfg1-j0cc4S1LFTeSr5ooEFfGfAEOUMuKbHDnuadqMzTMEs5eaE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXTCDcLk2GnYC7ukbuv+g==

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 7C49 0
141 B 69ms
23ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEGtdfD7wqwyQCtYOuVCBTG4&google_cver=1&google_push=AYg5qPLQGoUdaIRFa0bXMa7uN3fnfNJbglII2SHzhA50sqW-QdNIF7Qz3LFB7JIaUB97be1zrkoAFHfNINr2djFkXM6HLIkHDJI
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745090&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407119223&bpp=7&bdt=84&idt=101&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&cookie=ID%3D29f0cbdf7a8fad8f-2201eceb06cd00fa%3AT%3D1639407119%3ART%3D1639407119%3AS%3DALNI_MaGMixP8prSAyxDQ9t0TNYnfWrj5g&correlator=430915082853&frm=21&ife=1&pv=1&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=1980667300&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=896&biw=1600&bih=1200&isw=320&ish=50&ifk=3924086883&scr_x=0&scr_y=0&eid=31063858%2C31063866&oid=2&pvsid=4057988921220794&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.9z5nqluhso2i&fsb=1&xpc=N2y8mezyIk&p=https%3A//securityaffairs.co&dtd=106
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:52:00 GMT
via: 1.1 google
alt-svc: clear

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7C49
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bWmIfJM2RayCmr2MkZLN3g%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

50ms
49ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bWmIfJM2RayCmr2MkZLN3g%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKSaAMP7acpEcRlSJOdF8O6wtt5NFX_jzDM0d8D4WbU7lN_6YkWCu-lnmrxCo9bUdbRlyp-k4qE1j8cE_HxOMSGLBWQQyU

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bWmIfJM2RayCmr2MkZLN3g%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKSaAMP7acpEcRlSJOdF8O6wtt5NFX_jzDM0d8D4WbU7lN_6YkWCu-lnmrxCo9bUdbRlyp-k4qE1j8cE_HxOMSGLBWQQyU
date: Mon, 13 Dec 2021 14:52:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7C49
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESENDzbUD4s6-_-Y7jBD12KH8&google_cver=1&google_push=AYg5qPKR4yIqvh6QsN8zCKOtTtmEK4P49JHDfX1T8vFlTeX5zId7SXf2lzOOJynfXr4snKWf0etGquI7zX5kSBR...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=K9kruCFkQVduyzWEf6gP87nVm6I&google_push=AYg5qPKR4yIqvh6QsN8zCKOtTtmEK4P49JHDfX1T8vFlTeX5zId7SXf2lzOOJynfXr4snKWf0etGquI7zX5kSB...

170 B
188 B

49ms
48ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=K9kruCFkQVduyzWEf6gP87nVm6I&google_push=AYg5qPKR4yIqvh6QsN8zCKOtTtmEK4P49JHDfX1T8vFlTeX5zId7SXf2lzOOJynfXr4snKWf0etGquI7zX5kSBRyOu9YE0EGeXc

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=K9kruCFkQVduyzWEf6gP87nVm6I&google_push=AYg5qPKR4yIqvh6QsN8zCKOtTtmEK4P49JHDfX1T8vFlTeX5zId7SXf2lzOOJynfXr4snKWf0etGquI7zX5kSBRyOu9YE0EGeXc
Date: Mon, 13 Dec 2021 14:52:00 GMT
Connection: keep-alive
Content-Length: 241
Content-Type: text/html; charset=utf-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7C49
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEFth3YF3lohK6gcMpyNUKrI&google_cver=1&google_push=AYg5qPLXUI6Na8fCr8-xhk9CBku51ULp4Gf45yfRR-wehivxMltkZIf6XmJX97uHTz_i_qofv2eB_AVg1wg-yKX6j...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEFth3YF3lohK6gcMpyNUKrI&google_cver=1&google_push=AYg5qPLXUI6Na8fCr8-xhk9CBku51ULp4Gf45yfRR-wehivxMltkZIf6XmJX97uHTz_i_qofv2eB_AVg1wg-yKX6j...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLXUI6Na8fCr8-xhk9CBku51ULp4Gf45yfRR-wehivxMltkZIf6XmJX97uHTz_i_qofv2eB_AVg1wg-yKX6jawx7tiaNwE&google_hm=91ea6ffaf83d7a3368eb33d4

170 B
188 B

49ms
49ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLXUI6Na8fCr8-xhk9CBku51ULp4Gf45yfRR-wehivxMltkZIf6XmJX97uHTz_i_qofv2eB_AVg1wg-yKX6jawx7tiaNwE&google_hm=91ea6ffaf83d7a3368eb33d4

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 13 Dec 2021 14:52:00 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLXUI6Na8fCr8-xhk9CBku51ULp4Gf45yfRR-wehivxMltkZIf6XmJX97uHTz_i_qofv2eB_AVg1wg-yKX6jawx7tiaNwE&google_hm=91ea6ffaf83d7a3368eb33d4
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7C49
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPFjGKfP9qoeIBu44sXuBDw&google_cver=1&google_push=AYg5qPJHlfZl_cUw7VdU0tY2tEyZQ7_X9u1Bk5X01i5texaJI27bqbrgEZnktO6GN_Am9POmWoLxJDudCiQo7-En...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJHlfZl_cUw7VdU0tY2tEyZQ7_X9u1Bk5X01i5texaJI27bqbrgEZnktO6GN_Am9POmWoLxJDudCiQo7-EnpUGyGGNNpQ

170 B
188 B

50ms
50ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJHlfZl_cUw7VdU0tY2tEyZQ7_X9u1Bk5X01i5texaJI27bqbrgEZnktO6GN_Am9POmWoLxJDudCiQo7-EnpUGyGGNNpQ

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 13 Dec 2021 14:52:00 GMT
via: 1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C2
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJHlfZl_cUw7VdU0tY2tEyZQ7_X9u1Bk5X01i5texaJI27bqbrgEZnktO6GN_Am9POmWoLxJDudCiQo7-EnpUGyGGNNpQ
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: UrfBk7qx_1Htu67xahVuC41IG11PtgCfXmkhRioDHYYuoIH5K66CWg==

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 7C49 0
12 B 52ms
49ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JJL1768O8rw_rbAfL5MPLCnTLnMYhAwYi_ENKs5S_qPJ2LNMVG5vOCyICrWTyBMbyPUCmg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:52:00 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E6A2 11 KB
8 KB 49ms
49ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211207&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3ecc4e4c47ed04d75d8ac936d99ff03d082fa3b29f58ae025105daee6f6f4f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 14:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8457
x-xss-protection: 0

GET
H3 200 EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js Show response
pagead2.googlesyndication.com/bg/ Frame DA28 35 KB
13 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:29:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8526
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13555
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 12:29:54 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame FC08 0
0 86ms
85ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211207&jk=3563385897914018&rc=
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 320x050.html Show response
s0.2mdn.net/sadbundle/153662122784456704/ Frame 2589 47 KB
11 KB 93ms
46ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/153662122784456704/320x050.html?e=69&leftOffset=0&topOffset=0&c=9Fx83NJjeA&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8086d37ec7e070f099e680b743e6d6f0d7c261294e8a48383a754faca44de8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Mon, 13 Dec 2021 14:52:00 GMT
expires: Tue, 13 Dec 2022 14:52:00 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 24 Sep 2021 03:34:50 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A7A3 0
571 B 185ms
83ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssk4V6KJQoS6i4oIQZR-4OGiE5E9HSSTNK3AKFnisEWRGXSqaTFwlYuY0zvvwKeZZja3mLyS70MlX7BbHQKCengHi7QiUiFGAXdI9vyds1zsalnU3jxTVmHUTV-eQ4O17NnJL_b8HerSsJE10LF13VcZMUdWlToj7o6gh5wsCHMkMeDSnwvkgfqYa6C0YvesN2uJb5WwZnfcn8hXZQTbQQhJPMKx3VfBFKd9F4cr0MSS05Wbg9kTXTJGfWH6eg7SDIzaxL9fenIbdj1ic0G0BEIjgZsFIpjW1cC79gIuIMTIDxRLli99yF2PWeeZqQ51fEfM1_udKWYjuJ2deRnfPQEyxWEG2ZVuVl1wfeEbMcdO_YCC2dO0LzD-0zzW_a_YoysfcTNiCwE-WvOI6JC31OoSP63jVd3yOsWz-5Do7wNrgIf6ib-Yhu8vqYK27YdE5WHKzmLzubP2Keghh8CBq0QBUupN7C9mX3sJ2btVyt8zTl6wwE9rlpO_JSNKJKlw0aFxkPUrw3BNyNX4NdWUAm-SzE7EgBeaRDulYpa-LSbGq_qxzSa3d4-YAiyqXw7SKqu3OWlxJH37D_eBXaf1ZkRnBagNiAkfuuqVblPW4LPgIQJN3sY-lCRBtr8plVGYlaoVPdDsjeYU58jb8FAFA-pDAN8HC1O32ahZHcaM_BEA97R2ybnEricDkZC7NeYtwN6jUH5qrU3jLHtVgSva9CTEI1Du_Sg4zXVTi9-Bx48XTV_6IX5c4b6WuRd1WJY2W08-F7XsuyOsWTDxJtysoeTOCsKG4vZReh_sbQMf-tkRiEFXocDLA3i9x7h_xjp9YJOQHLPcpqf5DsTALuJjv0-0XfHU0Of3ZKlZRGuaPoaijZ10a5hBnNpsaBGeue-Oz0UZOWu0QKghalZfHc4zYu1Ej0jDTAi4Kqzi6sy1Q9ntL36_anFOW15rDBVJQjByNlvV3ZbHbxAwp9--9G5od9Fv8GSpjAasVxG9pDIqQa4y7m_38eehG1A6NCH1DYU0JvIY0cw5IG8Tt6biFbnp6-PmMQH3jZlXhRKxhReyABriynj0ClnnwJ4uo02lAMneHoK8osXnHcNSazfigBpnm7D64Xb48fPT7s62s5RpvhAxRHgcaAbF1Nh6pIY2gRR-OgjOS6l21mQCA4klZFXwIhvosol9qCVKxwFJs0KOSMWTsCGsfu-RtlbZ4KnmSU&sai=AMfl-YSUYR7kMIABcXNZ3UGEcwTl-hz5i8VHIAZiA4s9TbIHoe7pw8YNoHgu_uFEzIEt02qPi9OH9zXNrYkIooxxmX1UVa5EHbZiibqEyDHux1JW68jWg45LoFJBT305PAAgl0zHRzQ0F9E5smD2_kHejTHIRytdhg&sig=Cg0ArKJSzN1TLPXuRbTaEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=211&cbvp=1&cstd=205&cisv=r20211207.55619&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: t.co
URL: https://t.co/MBE9JJENv7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 13 Dec 2021 14:52:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js Show response
pagead2.googlesyndication.com/bg/ Frame 6F1F 35 KB
13 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:29:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8526
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13555
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 12:29:54 GMT

GET
H3 200 EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js Show response
pagead2.googlesyndication.com/bg/ Frame D1E1 35 KB
13 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:29:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8526
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13555
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 12:29:54 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E6A2 17 KB
6 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Mon, 13 Dec 2021 14:52:00 GMT

GET
H3 200 Enabler_01_246.js Show response
s0.2mdn.net/879366/ Frame 2589 116 KB
39 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_246.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/153662122784456704/320x050.html?e=69&leftOffset=0&topOffset=0&c=9Fx83NJjeA&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/153662122784456704/320x050.html?e=69&leftOffset=0&topOffset=0&c=9Fx83NJjeA&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:48:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7403
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40237
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Dec 2021 12:48:37 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 2589 60 KB
24 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/153662122784456704/320x050.html?e=69&leftOffset=0&topOffset=0&c=9Fx83NJjeA&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/153662122784456704/320x050.html?e=69&leftOffset=0&topOffset=0&c=9Fx83NJjeA&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 13 Dec 2021 14:52:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F700 13 KB
5 KB 38ms
38ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Mon, 13 Dec 2021 14:39:47 GMT
expires: Tue, 13 Dec 2022 14:39:47 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 733
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0278 783 B
532 B 46ms
46ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3033677156ff1f9ddd52d8d77b448f9c35c78637f4b258f9b28cf7f8784f4fe6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-c3FiieSn6dpUoMS/Dbs9Rw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 13 Dec 2021 14:52:00 GMT
date: Mon, 13 Dec 2021 14:52:00 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-c3FiieSn6dpUoMS/Dbs9Rw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 510
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame A7A3 0
23 B 124ms
75ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssk4V6KJQoS6i4oIQZR-4OGiE5E9HSSTNK3AKFnisEWRGXSqaTFwlYuY0zvvwKeZZja3mLyS70MlX7BbHQKCengHi7QiUiFGAXdI9vyds1zsalnU3jxTVmHUTV-eQ4O17NnJL_b8HerSsJE10LF13VcZMUdWlToj7o6gh5wsCHMkMeDSnwvkgfqYa6C0YvesN2uJb5WwZnfcn8hXZQTbQQhJPMKx3VfBFKd9F4cr0MSS05Wbg9kTXTJGfWH6eg7SDIzaxL9fenIbdj1ic0G0BEIjgZsFIpjW1cC79gIuIMTIDxRLli99yF2PWeeZqQ51fEfM1_udKWYjuJ2deRnfPQEyxWEG2ZVuVl1wfeEbMcdO_YCC2dO0LzD-0zzW_a_YoysfcTNiCwE-WvOI6JC31OoSP63jVd3yOsWz-5Do7wNrgIf6ib-Yhu8vqYK27YdE5WHKzmLzubP2Keghh8CBq0QBUupN7C9mX3sJ2btVyt8zTl6wwE9rlpO_JSNKJKlw0aFxkPUrw3BNyNX4NdWUAm-SzE7EgBeaRDulYpa-LSbGq_qxzSa3d4-YAiyqXw7SKqu3OWlxJH37D_eBXaf1ZkRnBagNiAkfuuqVblPW4LPgIQJN3sY-lCRBtr8plVGYlaoVPdDsjeYU58jb8FAFA-pDAN8HC1O32ahZHcaM_BEA97R2ybnEricDkZC7NeYtwN6jUH5qrU3jLHtVgSva9CTEI1Du_Sg4zXVTi9-Bx48XTV_6IX5c4b6WuRd1WJY2W08-F7XsuyOsWTDxJtysoeTOCsKG4vZReh_sbQMf-tkRiEFXocDLA3i9x7h_xjp9YJOQHLPcpqf5DsTALuJjv0-0XfHU0Of3ZKlZRGuaPoaijZ10a5hBnNpsaBGeue-Oz0UZOWu0QKghalZfHc4zYu1Ej0jDTAi4Kqzi6sy1Q9ntL36_anFOW15rDBVJQjByNlvV3ZbHbxAwp9--9G5od9Fv8GSpjAasVxG9pDIqQa4y7m_38eehG1A6NCH1DYU0JvIY0cw5IG8Tt6biFbnp6-PmMQH3jZlXhRKxhReyABriynj0ClnnwJ4uo02lAMneHoK8osXnHcNSazfigBpnm7D64Xb48fPT7s62s5RpvhAxRHgcaAbF1Nh6pIY2gRR-OgjOS6l21mQCA4klZFXwIhvosol9qCVKxwFJs0KOSMWTsCGsfu-RtlbZ4KnmSU&sai=AMfl-YSUYR7kMIABcXNZ3UGEcwTl-hz5i8VHIAZiA4s9TbIHoe7pw8YNoHgu_uFEzIEt02qPi9OH9zXNrYkIooxxmX1UVa5EHbZiibqEyDHux1JW68jWg45LoFJBT305PAAgl0zHRzQ0F9E5smD2_kHejTHIRytdhg&sig=Cg0ArKJSzN1TLPXuRbTaEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=444&vt=11&dtpt=233&dett=3&cstd=205&cisv=r20211207.55619&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: t.co
URL: https://t.co/MBE9JJENv7

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 14:52:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame DF07 11 KB
8 KB 51ms
51ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211207&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

764942bafb7fece2c8c6b026e49fc13d48fc2cdbc610bb383685948bee036b2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 14:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8417
x-xss-protection: 0

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 2589 47 KB
47 KB 37ms
37ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/153662122784456704/320x050.html?e=69&leftOffset=0&topOffset=0&c=9Fx83NJjeA&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:50:34 GMT
x-content-type-options: nosniff
age: 86
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 13 Dec 2021 15:05:34 GMT

GET
H3 200 OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 2589 47 KB
47 KB 41ms
41ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/153662122784456704/320x050.html?e=69&leftOffset=0&topOffset=0&c=9Fx83NJjeA&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:48:51 GMT
x-content-type-options: nosniff
age: 189
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47848
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 13 Dec 2021 15:03:51 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2589 6 KB
4 KB 48ms
47ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_246&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8933f6428d4ea56329a61b89865d9e2ef601d915b1ad83f4a71925e2d4efa30d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 14:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4367
x-xss-protection: 0

GET
H3 200 60005582_20180201040701083_empty.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 2589 95 B
121 B 49ms
49ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20180201040701083_empty.png

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/153662122784456704/320x050.html?e=69&leftOffset=0&topOffset=0&c=9Fx83NJjeA&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 11:07:59 GMT
x-content-type-options: nosniff
age: 13441
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95
x-xss-protection: 0
last-modified: Thu, 01 Feb 2018 12:07:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Dec 2021 11:07:59 GMT

GET
H3 200 60005582_20211014235342828_APP_iPhone-13-Pro-Max_Asset.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 2589 26 KB
26 KB 49ms
49ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211014235342828_APP_iPhone-13-Pro-Max_Asset.png

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94c861b3e4bc918650205113892b86d7768e0fbc75fdfcd8e103e87988eea6aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/153662122784456704/320x050.html?e=69&leftOffset=0&topOffset=0&c=9Fx83NJjeA&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 20:08:06 GMT
x-content-type-options: nosniff
age: 67434
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26950
x-xss-protection: 0
last-modified: Fri, 15 Oct 2021 06:53:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 13 Dec 2021 20:08:06 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 2589 43 B
609 B 134ms
9ms Image
image/gif 82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=25667676_4307561_303197237_146334472_-0&ref=25667676_4307561_303197237_146334472_-0
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 82.113.101.132 Hanau, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 14:52:00 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0278 0
0 85ms
85ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211207&jk=2748366020503080&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js Show response
pagead2.googlesyndication.com/bg/ Frame F700 35 KB
13 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:29:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8526
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13555
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 12:29:54 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C3B5 0
20 B 73ms
72ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211207&jk=3563385897914018&bg=!vb6lvvrNAAZKWFskSlg7ACkAdvg8Wp00c2Z3wHOspmLNRMsq66EWABbAl4pVQgkH06Xc20xu3dZS1AIAAACZUgAAACBoAQcKADkRz2N1akSoElVBZDZAmFENsd-0fF0lNSnL68vTr8szaMdEBgLi9P5tN-G4cSmsAT191jQrIyFVlyWZAu_c4EB18aDQqvT4bnYcOs2azOpd3WWrCtIzNNpS5fgvQpDo0UHsUI7mjK3r0VXY4aZA-Yzpr4oR2nnFHTHXrHpQrv2ePyFlpE7SUpr_vvKkFATpRC1uJ6KvZTQZOOL5qa2KlLZemkosXGx0tL59waIVHugzd1NHgNEhZppiIKL_Q4w_d4RT2pVaJbOq6G4-QKPxWMYNVGIhwtsb8yWayFmNzU1C85zs1YyM8zNbY8RAE25m9CU-6OLEb6TlYMLZgJ5wSCEomgZGfeKCudNJc07DGDMsWDorKQ4AqH8McMwiBrpQIcZoE_kYcmxvo-jedOfsW1Mj3_wEj-pgH0X6_yxeF0TzfpjL-7zKQU41NmERzo46uiXbteO6r-k4pP2g_XkEsDwW261mCZBQ_FF0g8bdknFv3K_gQY77Sx_ve6RgO8EFhuR36MEnGR1OjUXP6MDis-mZ69H6IJ6yCemgCGvGMle8i4ynhLw-3Uo7Gtnc4adenFRIzi9UFGHVvpJfoFOT9qhJbNETCCWmGAW6nWcPDp_-eWLp4qHaIMLIeMk_SlMIxr5viUGghgVvACySeu5I4X_8tLVO1iWyKBRgyC4ICteu46Wrz7GRKcl2OaceMKvGSUfN1AXDV3Hm7VUang_e2H-WJc8n_C-hUBstbos0659rxjjEdaiihyt4wIW0eXNhgRPnFTssX4jqZBIm_0C2C9ZbHnGpC3sZuLpMm9xaadIcdVKiUtGDvAzk-5KhEF9cd5_remX4B4xrK1WAHoYYSK4Nf_w5jbGjcwfMXbejl5_HcY7TMxpd5BjQK5se_4P9NoHpi8TEQ5kAYViNUXI91Di6Zq6Lwwafs2skqgYUb0inyU8X7tLwfQLv-9VRMDG0BhFU-CwlrAslhLKg5I9X5ieRDN4-Cdtv7QSnpxDdcAojSV_v-xmvk4uQCEuC69e-f_X2IV9bOvvpAsb3pbEWszp8V36tQxo9jauuXyPjbEneLDJ-_EqirBxD34-u

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D1E1 0
20 B 72ms
71ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BOi7CD163YbCjN4nE-gar0Kf4CQAAAAA4AeAEAg&bg=!8POl87fNAAZKWFskSlg7ACkAdvg8WvyB6HJ9RwiO6xh7qa1tzozN2EHPy0LJVEn4WscoR-Lm6ZPKAQIAAACVUgAAAB5oAQcKAHExySIhcfpEwm5UehyZmqNilLBVF0AOlfq1HVK7VM5a6lWVxzTIUJPHUwonkhYqfMY4iJRMMcXdYt_-FoYuubxFagsRRUN56a9VQYvxBgTU_HuiNcS5fDR8L2I5kJd8s7kFmEc-tl_-8fUEgzF0mcDZb5kDGGElVx9p9iOBLkeoUYPaiMv1jhGNzVyOj9aR4hh1UFIy325m59J5kxQNwE7Ra6-jC4oOH_s4DQVSnoBMDuxXLZu2-X0DIk1wfQRybZ4UNdu5BbywkIbu5mh7ZnPQXQah1qt_2MsEOOmDPX8auAbBgai4ySigZgzkIKoXutfwEpMtapoyUM8qGi7PxvCLjOvOt2Uq2Y9tNct_Xh3h71-Tzr_y7j7xPXqFzFvsDGWrI1Tyjo1SRgpLAWDtzgv9R9QExIpYzYKPwJJfvbZs0jOXcGeQb5I4VB4du-Ds_Fvpm0tk3eckzBK5ylgBZidCrD9YFlef89ug4gcL3jXV5EUmdAtYoesFMPc3H1KJja-4JZxoxu0K-oqMZy_9ornf58aubwWIzt0yyyxQf9CRDpVTCMWkEuPm3Nz0alePm8VHXgzrSq5hxd57-whE_6EnLulz9iuReJEN12Uowi3zXfRYqEYn1_KZdJMg9siz5Ooc4R72Y5rblO8AoI1B_WFEg4XXLupHuo4GIOCg0JNYODvd06KIEHs3dEx0jCGRY52EhQVCHWwBu60WGd4Jv7oC70HXK0PRs5CSIstXayic1AZmGyHi4JNBwIcL_ovp-2a2Y7J-xxoN1c-0_jvqssKsI8iSSs51mj9hrv5IQtPHUgXhvsnlhMb9V0yBrFtcEsXN3tUrb4qEpUiqYBKiJRkqkGjyLACczsIEddMWhUX_9DKuPAyvWhijtBO70MTxRMdDfn4wQb3y6A2boZw8F_-Cy6Y5WxnqOsLFuIc9xbdt58V2fif3kx8tBZYynvARZIP1_7Ch89GWc3EH_wJMETk5BbxZtkoaVMKUojbHsVgGnp7sjjxO7aWf7AaO80XmV67skCWqzzkIwGvrfDn7v3gcdVg6ROzPXr19iAyV8-Zf7hXWAVTwsA8PTrR4t6A5sNQWllRdAYLSZIsPYmu5G8l5GhdW6zXe8zKO7NYH3YnfLOr7F-GzMgy_eF0gH4GIiLPf77aeKN-AKPm8yN4JXaYLc4CduQi5jYSzCLhMzpjLURliNeXzJGEx1Q8vHw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame DF07 17 KB
6 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Mon, 13 Dec 2021 14:52:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2589 17 KB
6 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Mon, 13 Dec 2021 14:52:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0CF0 13 KB
5 KB 37ms
37ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Mon, 13 Dec 2021 14:39:47 GMT
expires: Tue, 13 Dec 2022 14:39:47 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 733
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 766E 783 B
534 B 47ms
47ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

aba8ff1f0d8acee4eb692b5075966a3569d01e1a3b0e0bca09bfda8dc6d1356d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4ZI/vCmq8gmdszqbZZaToQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 13 Dec 2021 14:52:00 GMT
date: Mon, 13 Dec 2021 14:52:00 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-4ZI/vCmq8gmdszqbZZaToQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js Show response
pagead2.googlesyndication.com/bg/ Frame D30E 35 KB
13 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:29:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8526
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13555
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 12:29:54 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 766E 0
0 85ms
85ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211207&jk=4057988921220794&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js Show response
pagead2.googlesyndication.com/bg/ Frame 0CF0 35 KB
13 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:29:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8526
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13555
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 12:29:54 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E6A2 0
20 B 72ms
72ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211207&jk=2748366020503080&bg=!AwClAETNAAZKWFskSlg7ACkAdvg8WjGyDJHbMwlu0dVGD8xVPO6E46sEgI3_zGbhk0fniQgDAbtNpwIAAABoUgAAAApoAQcKAKLgnJdOaByr5Vmpgk4fzFnKUdhTpjrG1C8SB1AWIXd-OnbS3dzx9aegCCJde6_inO6N47LR6ZwQ7MIOMhZAV8EDRNBl6r3vZOksgxKAEJNW48pFN_ZIZwAQMc3s-vN8XT8ItmywgONdp_WNJMy_ULgbKrOxq27Hr5OwWuzPDaf3OTsd9U83w6oUTl5TllrpegH-oSCgxN7Y0oCw7s4W3Ka86ImZAuE9b69EokM-5C26vhPK2RTe-Y6xwjJDm_bpq47RG0GWgoTS6xRHxbO8XCxgUjOlk6k10NwwNyXKp3K_EVr0UAEH9DsnCunb4uF9KFnOYjk_0U_BcKMAOZGk-PMhM1oxy5q6Jz_6ReDdPsFiS_349mwpzrSUByk8x_ZQ6kWAZXAocsJhCAivdcnQf18hUpim7NoUu-38Uz1kXGJ6iRbPk7oyQCylNRj-4CNOjPjRb1QvRynrKU-EAFgg-UulYNGdVLGkSJ7Q5IlpuY0w2Mn_9MTsT5h6nPQwfQW_rKdyKSwd0huaXY6nFsRF6ZzgrG96KvItvQM1QW8aOysyWWZWLf1xBO8XgOWWqegBmlqFb6YykG0aT0KySBMyczVuS-Pg-FTm297wFoydTdFY_TKU3HUnLnBRnh8Jcmndg2c_rmwvr-bdCogDKvxUMchZdQ5siMeifBSKQOoQePQQ1Gwbwvq5BZXYRDWYYqU6mAJmIPGCZS0n8OAekxoQgCJ7arsJHrUkTwhKiXqvc3rjJIeb2XSrCIhcuI7EjSd0wEp8Om6aj8baL9xEh1IiACrBlpTvgXyDGMk4z0Zuv21A2zkq1Zvuc8-cgmMaGkeFVl8SXyrDHp-P3wPAiASRFCleEaHlMjfbF_B6Cs8n9ekJALySpr59srBdZTqmSfGmeIH3zlYpwzqzm_dfzw2uRsHNVIaY6U6d3bpFChxgEWsdCNVZA1iDifKiygK-zxhgN1M1b-w-05TGv39e0r4IJ3a4xlsPoo2u7C6o8qFcEvuU5OHmhlDlLxTIRag3pSBtL_qLTnKYHNbK7QZ168-O2DzYJuAw-Y5OAI7RKc26nd2k6So5VAK4SrankOPKvrbs0Og-IilqfwjUp5a2v4PiHzMAQm2JQSlObaTfpKvZBnik5apITkB03dH0EUO1T7RdXH2WN0bUkH1359Kb3hmqimiIit2A2GWJi7vkWScY8x87B4jie8X0EA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 01EC 0
735 B 33ms
32ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:52:00 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 61b87f91-1530-4340-ab5c-dd0b3ff4a7a2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame EF54 0
735 B 19ms
19ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:52:00 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 17f8658e-36c3-4e17-bcdd-1eb201f9be4b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 39DC 0
735 B 44ms
44ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:52:00 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 76c263b7-3ae3-4114-9e4a-e6cf27ae37fb
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 44E4 0
735 B 28ms
27ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 14:52:00 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 18767715-1ba5-44a8-9cae-6b986ea30789
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 4C04 0
128 B 18ms
15ms Script
text/plain 198.47.127.20
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156631&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dc15c691fe1cf8b15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:51:59 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DF07 0
20 B 73ms
72ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211207&jk=4057988921220794&bg=!ZmWlZSHNAAZKWFskSlg7ACkAdvg8WveikeY8MvIrRoXelgSBowhzSQHkEiDc9dZvxNGh3AUid9bzcQIAAABeUgAAAAtoAQeZAtfYw53q9cFpfIUILVtZsHlXNFxvwAGTBrH_M87_DB6Y6edc4GOiT4P7WOV6AryjLmZt0zt59OOGxxgEOSXH-4E7HSwmOIAOkKfDFa8nEoOJPEPmRclY2WB8dI-FAto4tfCjHgsK6I8YUtxbdYRIUqStv1U5TEl5l4S6ZA63R-goAC9hndjdq8ME4H8Lj5I2UKkmzQlJ6qoy6bUpeJzK-Hymqq4sFlVhuJuSTa41Y4g7uBUKfoccHKf9F4GPzZfza4eYgi1qe7tX7ZNHIipfpRRM2GS_IRShYjW8hUWobXi8a7lKQXuTDv8onod0V6yfpwO_EAjRgYKhQCz0M2wn96Mehbv-183BK6U__Bx3uL0L2m2RjIlQOWcokyCj4foHWweWQcYnhXHC0uECFg18Pu6cLe8ukoJfa1I1uyUkHjvBcy_3TQthdU2ZYRcfRUK4HGSLViNewBX7WojgjPAt6YYVYk_Bhq-sHiCZFab-ubatNbc5Tldmv-dyLFfePDpUfg1VBaojv9LTVotRrZF3u1bB1fVA5VxfnYZu7Rz5OC3vIhaQtszYLxQbUPgvGVXipC43uv62luPzipV22QYJ2UiAcQvnd5CWEfcmKmjR_R6gKekvLdWF11CX8iYdZ6RuGJkJqh8-_yC3097A4FUDY6q88XgNqX6qijj3ZRHSV6iZQ_9jagYfsZhnstIvHEaiWa3KiydU8emjU3Pzw98gA4xTRFGUH0DtXzv9Hi6FIz9zb01uD3cLkpUCkeEAh84398eJqyItTl4Ximx-pdYWidMKgnfdGUE8QFoHeER6sJTSV-jTPQTEAXPXYAYF6QHGfW_udyOShO43QyTrJfkPLWog8uXgvVVXeWc00xNTfY2x9sFVubGoapEYa47RMW6byQP1my8sm3ZPI0tEkiHe2nKn-LKvgSF4NNUE0MdNzSLQ6wWuyFKfK-k8nZ9CCM_7Xm9T712wJYPT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A7A3 42 B
64 B 75ms
75ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6VDVL0vz8inUnT-2bfpRkz3i_FeECXFr8u6oAfgHBa09frjbA6ChRGSHSA-TjU-ugg68KejRUTzuiKUbF6wCUfQZtL_MLTdKEnVOJVk3AasBROZpkuA&sai=AMfl-YSzq1LlZG_E81xNaol_cx8vapVElpu3uwd16fIHsTzhJDe90wzHhKEirJqQYwg5sMYABtsX1PZvg6sqdv5W_itwobmJXdgRQ14Tke0H5uk3z47qFJUWVcuKeAs&sig=Cg0ArKJSzLLkJ9MyvLLgEAE&cid=CAASEuRopWpksQyJ5f8G_yc_wZhjuA&id=lidar2&mcvt=1000&p=0,0,50,320&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=468307373&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639407119330&rpt=757&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4C94 42 B
64 B 76ms
75ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstj963TkmREsftfLDVUerIng9F1fBOtvUIILkTQpzb3EyluBgHFz7tXrY1raIam9U57Ud0F0Ek6plsU5jCdikqdypC0BNNsidbGy2VIVRp9FKH8Fr1uLMlqlEjDIEaIkCdCLzMrPxXX66Ab&sai=AMfl-YRwkI584q3RVgcOMBNZvLy1WcSwjbPFVkDViOFWhwWbgI1o8scMtbbXQk5JlYy2idpNlsLjehCoNDFvd-K7Xs2451s-QDEssh0&sig=Cg0ArKJSzFiy5-OnS8MgEAE&cid=CAASF-RoegPG7NqAltiw1YUBuRfIjmlhcznP&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=1194620937&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639407119059&rpt=1122&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 94ms
94ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:01 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 15 Dec 2021 14:52:01 GMT

GET
H2 200 300x250.png
cdn.pixfuture.com/banners/ Frame D490 44 KB
45 KB 42ms
42ms Image
image/png 2606:4700:20::ac43:4671
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.pixfuture.com/banners/300x250.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4671 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6251b4b4525b9007511a48a6cda9a168f07ff77ccc4dd75759486af624a13301

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:52:01 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 172549
content-length: 45195
last-modified: Wed, 03 Feb 2021 20:39:58 GMT
server: cloudflare
etag: "601b0a1e-b08b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2BsxhK%2FEe%2Bh0Z7mrIydaEtUW4dGaVgLfWlWxRKvBKG9opTjz3cDcfd3%2BkQJzODrgABcmGCK18vovKCTPJkSQGrfkOHQHuAT1KXXWM%2BRdxY1Ia0PnVPtVL2H0lY90QVkDpg2s8U9jVTHePxdilIfa"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2678400, no-transform
accept-ranges: bytes
cf-ray: 6bd0038e4f954ab6-FRA
expires: Mon, 13 Dec 2021 14:56:04 GMT

GET
H2 200 rt=ifr Show response
bcp.crwdcntrl.net/5/c=15238/rand=349152831/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/ Frame D5B5 1 KB
2 KB 46ms
46ms Document
text/html 34.249.68.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/5/c=15238/rand=349152831/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.68.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-68-36.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 7056da2488ab42721f92f866eb77c22d5937f24f0ab7dc483cf32c906aeb49dd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

date: Mon, 13 Dec 2021 14:52:02 GMT
content-type: text/html;charset=utf-8
content-length: 1241
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.19.90
access-control-allow-origin: *
server: Jetty(9.4.38.v20210224)

GET
H2

200

tpid=41422844723829990031445744553350014138
sync.crwdcntrl.net/map/c=9828/tp=ADBE/ Frame D5B5
Redirect Chain

https://dpm.demdex.net/ibs:dpid=121998&dpuuid=fcc6b7d9aec90eef210a58a5bcddbe17&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D
https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=41422844723829990031445744553350014138

49 B
264 B

33ms
33ms

Image
image/gif

34.249.68.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=41422844723829990031445744553350014138
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=349152831/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol: H2
Server: 34.249.68.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-68-36.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:02 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.1.101
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

DCS: dcs-prod-irl1-1-v023-0e1d5b37b.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: QPAFx0qkRxE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=41422844723829990031445744553350014138
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame D5B5 170 B
188 B 49ms
48ms Image
image/png 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ZmNjNmI3ZDlhZWM5MGVlZjIxMGE1OGE1YmNkZGJlMTc

Requested by

Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=349152831/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 usersync
pixel-sync.sitescout.com/connectors/lotame/ Frame D5B5 0
191 B 20ms
19ms Image
text/plain 66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/connectors/lotame/usersync?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=349152831/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:01 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame D5B5
Redirect Chain

https://sync.mathtag.com/sync/img?sync=auto&mt_exid=10040&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D4735%26tp%3DMDMA%26tpid%3D%5BMM_UUID%5D
https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e

49 B
265 B

33ms
33ms

Image
image/gif

34.249.68.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=349152831/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol: H2
Server: 34.249.68.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-68-36.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:02 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.19.218
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

Date: Mon, 13 Dec 2021 14:52:02 GMT
Server: MT3 4133 baa842e master zrh-pixel-x29 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 13 Dec 2021 14:52:01 GMT

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame D5B5 0
335 B 30ms
29ms Image
text/plain 52.215.164.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=lotame&partner_uid=fcc6b7d9aec90eef210a58a5bcddbe17
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=349152831/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.164.121 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-164-121.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 14:52:02 GMT
cache-control: private, no-cache, no-store
x-request-time: D=27 t=1639407122
x-served-by: beacon-n011-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

tpid=3405951207433908295
sync.crwdcntrl.net/map/c=10915/tp=TRNN/ Frame D5B5
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/fcc6b7d9aec90eef210a58a5bcddbe17/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3405951207433908295

49 B
264 B

33ms
33ms

Image
image/gif

34.249.68.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3405951207433908295
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=349152831/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol: H2
Server: 34.249.68.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-68-36.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 14:52:02 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.7.139
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3405951207433908295
pragma: no-cache
date: Mon, 13 Dec 2021 14:52:01 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=a28b0e9b2cdbb1f5240bb81b525eda0e

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=a28b0e9b2cdbb1f5240bb81b525eda0e

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a28b0e9b2cdbb1f5240bb81b525eda0e

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a28b0e9b2cdbb1f5240bb81b525eda0e

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694

Domain: partner.googleadservices.com
URL: https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Domain: adservice.google.de
URL: https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Domain: adservice.google.com
URL: https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&fwrn=3&lmt=1639407119&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125409%2Fmalware%2Fmoobot-botnet-hikvision.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639407118787&bpp=10&bdt=232&idt=290&shv=r20211207&mjsv=m202112060101&ptt=5&saldr=sa&correlator=430915082853&frm=21&ife=1&pv=1&ga_vid=182916415.1639407118&ga_sid=1639407119&ga_hid=360791749&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=896&biw=1600&bih=1200&isw=320&ish=50&ifk=3924086883&scr_x=0&scr_y=0&eid=31063793%2C31063824%2C31063859%2C31062931&oid=2&pvsid=2903718292152668&pem=700&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.llrpd2i5fq8q&fsb=1&xpc=AMAyRXshbW&p=https%3A//securityaffairs.co&dtd=301

Verdicts & Comments Add Verdict or Comment

152 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

132 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-20 16:54:39	Name: muc Value: 6c0d355f-89c1-4603-a9f6-0a84cc5675eb
.t.co/	1970-01-20 16:54:39	Name: muc_ads Value: 6c0d355f-89c1-4603-a9f6-0a84cc5675eb
securityaffairs.co/	1970-01-19 23:23:28	Name: session_depth Value: securityaffairs.co%3D1%7C816788371%3D2%7C184323154%3D1%7C647633027%3D2
securityaffairs.co/	1970-01-20 08:09:03	Name: cookielawinfo-checkbox-necessary Value: yes
securityaffairs.co/	1970-01-20 08:09:03	Name: cookielawinfo-checkbox-non-necessary Value: yes
.securityaffairs.co/	1970-01-20 16:54:39	Name: _ga Value: GA1.2.182916415.1639407118
.securityaffairs.co/	1970-01-19 23:24:53	Name: _gid Value: GA1.2.247276548.1639407118
.securityaffairs.co/	1970-01-19 23:23:27	Name: _gat_gtag_UA_59069958_1 Value: 1
.securityaffairs.co/	1970-01-19 23:23:27	Name: _gat Value: 1
securityaffairs.co/	1970-01-20 00:06:39	Name: _pbjs_userid_consent_data Value: 3524755945110770
securityaffairs.co/	1970-01-19 23:23:30	Name: _lr_retry_request Value: true
securityaffairs.co/	1970-01-20 00:06:39	Name: _lr_env_src_ats Value: false
.adsrvr.org/	1970-01-20 08:09:03	Name: TDID Value: 22653919-009f-4f9a-864e-eb4e5e5e19ca
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: 1\|XoTpdAZC/OrCXi+t2tt8Mx7c5rJaP5uXhxpnGfrzPAh1r4f5PW3gQ6qaZLiJj4/FKQattD3GB2TGFkanCXKRK1XEokALhlcJ9R8vVZqPCx1KqnWuDc9aU/+oD8/ZWV4=
securityaffairs.co/	1970-01-20 00:49:51	Name: pbjs-unifiedid Value: %7B%22TDID%22%3A%2222653919-009f-4f9a-864e-eb4e5e5e19ca%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222021-12-13T14%3A51%3A58%22%7D
.adnxs.com/	1970-01-20 01:33:03	Name: uuid2 Value: 8877751720064750958
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB5A Value: s569\|YbdeE
securityaffairs.co/	1970-01-20 08:45:03	Name: cto_bidid Value: 8ZBn9l9kaGlZakpMUDNCZmlhUVpFZW1aUjE2azJJUWVEJTJCSWYwVyUyRjB5UGtFV3RqczZkRW1nMkR3cHZONFpsaFV4NTFROE9vYUZJUzBtSERmU1JweWJDQm53UVElM0QlM0Q
securityaffairs.co/	1970-01-20 08:45:03	Name: cto_bundle Value: ClW7FV8xN3lvVVVQQUVaZUdLRHgwTWdEQnljOXNRNnJlOTg1b2J5cG5jN3h2bEV0Uk42SCUyRjFCTUdjRk5VS2Z1QlQ3bW5jdlZYbSUyRldQeCUyQjBzSEVXaTRXQm40dlRDajVaMVlFckJZSUliUENiSDZERmVWN1hMMlRxRFdXVmdqbmtqQUh1Vg
.rubiconproject.com/	1970-01-20 08:09:03	Name: khaos Value: KX4SO4E5-22-L6MF
.rubiconproject.com/	1970-01-20 08:09:03	Name: audit Value: 1\|naVuGyos1qpqfiytWd1vfz5APvdogVCbaTd6KyMQnasCO6vdpaaRU26y57Uv3hFV5FGfGNePc3/th4iWCi6WjspbV3mhqimWXjmaZkH7bMyyqVI1k5poNA==
ads.us.e-planning.net/	1969-12-31 23:59:59	Name: CT Value: 1
.e-planning.net/	1970-01-22 12:42:39	Name: E Value: AHmF3iijALiurkkB
.pubmatic.com/	1970-01-20 01:33:03	Name: KADUSERCOOKIE Value: 6D69887C-9336-45AC-829A-BD8C9192CDDE
.pubmatic.com/	1970-01-20 01:33:03	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-19 23:24:53	Name: pi Value: 156631:2
.pubmatic.com/	1970-01-20 01:33:03	Name: DPSync3 Value: 1640563200%3A201_197_219%7C1639440000%3A174
.pubmatic.com/	1970-01-20 01:33:03	Name: SyncRTB3 Value: 1640563200%3A54_165_81_21_7_3_55_220_222_161_166_99_230_238_88_56_234_204_189_13_8_71_22_233%7C1639958400%3A223_2_15%7C1641945600%3A203%7C1640217600%3A63%7C1640649600%3A35
.zeotap.com/	1970-01-20 08:09:03	Name: zc Value: d3c45572-f3bb-45a6-4f08-50157969e3f9
.casalemedia.com/	1970-01-20 08:09:03	Name: CMID Value: YbdeDr6Zg.VHPqDI.-eGlQAA
.casalemedia.com/	1970-01-20 01:33:03	Name: CMPS Value: 3267
.casalemedia.com/	1970-01-20 01:33:03	Name: CMPRO Value: 1171
.agkn.com/	1970-01-20 08:09:03	Name: ab Value: 0001%3AE9%2FmT5To0eHTTrkzL9RnAD38GISQa50z
.richaudience.com/	1970-01-20 01:33:03	Name: avcid-zeo-uid Value: d3c45572-f3bb-45a6-4f08-50157969e3f9
.adfarm1.adition.com/	1970-01-20 01:33:03	Name: UserID1 Value: 7041199956690729112
.adform.net/	1970-01-20 00:08:05	Name: C Value: 1
.quantserve.com/	1970-01-20 08:53:41	Name: mc Value: 61b75e0e-d7deb-c6d41-3a5ad
.mathtag.com/	1970-01-20 08:49:22	Name: uuid Value: 8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e
.taboola.com/	1970-01-20 08:09:03	Name: t_gid Value: 1dd1433c-db56-418d-98af-cfa22feba923-tuct8b0e38e
.onaudience.com/	1970-01-20 08:09:03	Name: cookie Value: 94cc348466ebafa5
.onaudience.com/	1970-01-19 23:24:53	Name: done_redirects104 Value: 1
.erne.co/	1970-01-20 08:09:03	Name: u Value: SvN2ydZyPx4U0IVwRnltX-b7
.simpli.fi/	1970-01-20 08:10:29	Name: suid Value: DFF88AA1811B4641851BEAA2ED49BFE9
.adform.net/	1970-01-20 00:49:51	Name: uid Value: 686955697831082021
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_153 Value: 1923-yQc-_MpTbK7SUmuvmlRxqMlSaPrSBT3-nlKWEt3B&KRTB&19420-yQc-_MpTbK7SUmuvmlRxqMlSaPrSBT3-nlKWEt3B&KRTB&22979-yQc-_MpTbK7SUmuvmlRxqMlSaPrSBT3-nlKWEt3B
.pubmatic.com/	1970-01-20 01:33:03	Name: PUBMDCID Value: 3
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_57 Value: 22776-8877751720064750958
.de17a.com/	1970-01-20 08:01:51	Name: guid2 Value: 1.8851320981600702179
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_409 Value: 22966-SvN2ydZyPx4U0IVwRnltX-b7
.yahoo.com/	1970-01-20 08:09:24	Name: A3 Value: d=AQABBA5et2ECEA0hHnLYMqnrF11iepTbE2wFEgEBAQGvuGHBYQAAAAAA_eMAAA&S=AQAAAlDomQD_Udkz5oQ1UQ3iEEo
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0MTI2NjM3tDQ0MjA0MDSysBTiM9QtjTILDTZ1yojIcPMEAFd2UdMlAAAA
.rfihub.com/	1970-01-20 08:45:03	Name: eud Value: H4sIAAAAAAAAAPvFyGtoZmxpYmBuaGhhaWgIAB4yEtAQAAAA
.rfihub.com/	1970-01-20 08:45:03	Name: rud Value: H4sIAAAAAAAAAOMSNjU0MTI2NjM3tDQ0MjA0MDSysBTiM9QtjTILDTZ1yojIcPOU4jU0M7Y0MTA3NLSwNDQEAO-9z_40AAAA
.tapad.com/	1970-01-20 00:49:51	Name: TapAd_TS Value: 1639407118910
.tapad.com/	1970-01-20 00:49:51	Name: TapAd_DID Value: 811f9729-98db-4b92-967b-02041522fad0
.mathtag.com/	1970-01-20 00:06:39	Name: mt_mop Value: 9:1639407118
.analytics.yahoo.com/	1970-01-20 08:10:29	Name: IDSYNC Value: 18z8~222e
.1rx.io/	1970-01-20 08:09:03	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-02ad0771-8184-4086-b8bb-22d0c98bc07e-003%22%7D
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_377 Value: 6810-22653919-009f-4f9a-864e-eb4e5e5e19ca&KRTB&22918-22653919-009f-4f9a-864e-eb4e5e5e19ca&KRTB&23031-22653919-009f-4f9a-864e-eb4e5e5e19ca
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_1101 Value: 23040-7041199956690729112
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_27 Value: 16735-uid:8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&KRTB&16736-uid:8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&KRTB&23019-uid:8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e&KRTB&23114-uid:8b9d61b7-5e0e-4300-ba0d-feebf75e4e8e
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_391 Value: 22924-686955697831082021&KRTB&23263-686955697831082021
.tapad.com/	1970-01-20 00:49:51	Name: TapAd_3WAY_SYNCS Value:
.bidswitch.net/	1970-01-20 08:09:03	Name: tuuid Value: 1365c82b-edf6-43f3-936a-102b421a5b25
.bidswitch.net/	1970-01-20 08:09:03	Name: c Value: 1639407118
.bidswitch.net/	1970-01-20 08:09:03	Name: tuuid_lu Value: 1639407118
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_336 Value: 5844-8851320981600702179
.demdex.net/	1970-01-20 03:42:39	Name: demdex Value: 41422844723829990031445744553350014138
.tidaltv.com/	1970-01-20 08:09:03	Name: tidal_ttid Value: da823595-6cb7-4bfe-b62e-f024360f41e6
.weborama.fr/	1970-01-20 08:55:07	Name: AFFICHE_W Value: sQoUFLR0RX2x76
.bidr.io/	1970-01-20 08:51:57	Name: bito Value: AADpM07DbrwAAD2Ay7E7rw
.bidr.io/	1970-01-20 08:51:57	Name: bitoIsSecure Value: ok
.targeting.unrulymedia.com/	1970-01-20 08:09:03	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-02ad0771-8184-4086-b8bb-22d0c98bc07e-003%22%7D
.theadex.com/	1970-01-20 01:33:03	Name: axd Value: 4280048961607745827
.theadex.com/	1970-01-19 23:33:31	Name: tis__gL Value: _gLeApQv
.tidaltv.com/	1970-01-20 08:09:03	Name: sync-his Value: "H4sIAAAAAAAAADM0sjQztTK0MAIA4d3F+wkAAAA="
.turn.com/	1970-01-20 03:42:39	Name: uid Value: 3405951207433908295
.dpm.demdex.net/	1970-01-20 03:42:39	Name: dpm Value: 41422844723829990031445744553350014138
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_594 Value: 17107-RX-02ad0771-8184-4086-b8bb-22d0c98bc07e-003
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_22 Value: 14911-3405951207433908295
.adsby.bidtheatre.com/	1970-01-19 23:33:31	Name: __kuid Value: 684377e9-6dec-4e6d-a5e9-7c26fc49d3c0.408621119
.crwdcntrl.net/	1970-01-20 05:52:12	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-20 05:52:12	Name: _cc_id Value: fcc6b7d9aec90eef210a58a5bcddbe17
.creative-serving.com/	1970-01-20 08:45:03	Name: tuuid Value: 77f58ace-0989-47ef-92bb-6c269f74c8c6
.creative-serving.com/	1970-01-20 08:45:03	Name: c Value: 1639407119
.creative-serving.com/	1970-01-20 08:45:03	Name: tuuid_lu Value: 1639407119
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_188 Value: 3189-no-consent
.onaudience.com/	1970-01-19 23:24:53	Name: done_redirects147 Value: 1
ads.playground.xyz/	1970-01-19 23:33:31	Name: connect.sid Value: s%3AYLnpMDHnV-NKYFm2CeZczZpQmgZdmPjh.kwnVgXEfaJ8TPDSeRb6dxYMSBoXCdQl2A2ZSudW1qk8
.krxd.net/	1970-01-20 03:42:39	Name: _kuid_ Value: Oidba4jO
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_80 Value: 22987-CAESEGQuGlJ061tnhyezwzzSbY8&KRTB&16514-CAESEGQuGlJ061tnhyezwzzSbY8&KRTB&23025-CAESEGQuGlJ061tnhyezwzzSbY8
.adsrvr.org/	1970-01-20 08:09:03	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwjm5eDZxJSfOhAFGAEgASgCMgsInsm3iduUnzoQBTgBWgd4a3N3OWxhYAI.
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_466 Value: 16530-1365c82b-edf6-43f3-936a-102b421a5b25
.pubmatic.com/	1970-01-20 00:06:39	Name: PugT Value: 1639407119
.onaudience.com/	1970-01-19 23:24:53	Name: done_redirects219 Value: 1
.zeotap.com/	1970-01-19 23:24:53	Name: zsc Value: %1DP%24%16%C9%A0%23%D1%E24%7F%BA%8E%3A%9E%0Fh%A2%0E%29%C7%84%60%DB1N%17%11%C8%5D%D4%2ALc%18%E6i%9F%D3%D38%DFS%0E6%0F%00%DC%C4%FB%AB%CB%86%C1%DC%A2%25%A0%0D%E9%92%0C%CC%9C%90%8C%27%40%15%BBK%CA%BA%E0~%F4%86zo%C3%AD%8C%C1w%EE%D1%12%3C~%B5%B8%E3%DB%DB%B0%3E%EB%C2%CB_C%26%C8t%DFA%5D%CD%AC%DD%2B%AEK%8ES%D8%26B%03%7B%EE%EFbZ%ABs%BC%04%3E%87%E7%2B%C3QZy%D7%01F%A26a%8D%7F%C4c%10%03C%C6%FD%C8%84~%0F%C3%237%3AI%0C%27%0B%A5G2%5D%C1
.securityaffairs.co/	1970-01-20 08:45:03	Name: __gads Value: ID=29f0cbdf7a8fad8f-2201eceb06cd00fa:T=1639407119:RT=1639407119:S=ALNI_MaGMixP8prSAyxDQ9t0TNYnfWrj5g
sync.srv.stackadapt.com/	1970-01-20 08:09:03	Name: sa-user-id Value: s%3A0-2bd92bb8-2164-4157-6ecb-35847fa80ff3.QnaejrgQE0hd2w4j4renoKuDgqHKcn7F7mcJkxXF4qY
.srv.stackadapt.com/	1970-01-20 08:09:03	Name: sa-user-id-v2 Value: s%3A0-2bd92bb8-2164-4157-6ecb-35847fa80ff3%24ip%24185.213.155.162.UNZft%2BUUEdDV7cHDbbqBpa8mxHBPAJOJmlETg4crDZs
.pubmatic.com/	1970-01-20 00:06:39	Name: KRTBCOOKIE_860 Value: 16335-K9kruCFkQVduyzWEf6gP87nVm6I
.fwmrm.net/	1970-01-20 03:42:39	Name: _uid Value: "e9745_7041199960934809293"
.doubleclick.net/	1970-01-20 08:45:03	Name: IDE Value: AHWqTUn7pD7YT7asL24VXn-c4SyiAn3KOzH5zbNDr_2ovKywKkHnVBps-Em5AZYFBwU
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: e846cb63ce56cfdb
.quantserve.com/	1970-01-20 01:33:03	Name: d Value: EIUBDgH5JIEO-TA
.m6r.eu/	1970-01-19 23:23:30	Name: test Value: true
.adnxs.com/	1970-01-20 01:33:03	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C%yf3.+]!]taP8i_iqf!oN/@E'zz<*Z0QpPC#zU^bw2-y(Z(3WC%`Nll].%SdPqLlcY8<QG=%9sk@3@'s>T1DZ(f
.casalemedia.com/	1970-01-19 23:24:53	Name: CMST Value: YbdeDmG3XhAA
.casalemedia.com/	1970-01-20 08:09:03	Name: CMRUM3 Value: ce61b75e0e05a0&2d61b75e102760CAESENaIhVBelTsSWf61r3bGTf8&f161b75e0e05a0&e661b75e0e2760&be61b75e0e05a0&3961b75e0e27605142336719120101289&da61b75e0e2760&2761b75e0e0b40
.eyeota.net/	1970-01-19 23:23:27	Name: SERVERID Value: 18957~DM
.m6r.eu/	1970-01-20 01:33:03	Name: cct Value: 1639407120082
.m6r.eu/	1970-01-20 01:33:03	Name: id Value: 7092cbb331aad686f981b857f2cfe232
.doubleclick.net/	1970-01-19 23:23:30	Name: DSID Value: NO_DATA
.admixer.net/	1970-01-20 16:54:39	Name: am-uid Value: 7e215b60286842349376b570ea57da0d
.lijit.com/	1970-01-20 08:09:03	Name: ljt_reader Value: 91ea6ffaf83d7a3368eb33d4
.blismedia.com/	1970-01-20 08:09:07	Name: b Value: 61B75E10F61B554ABDDF72F5BLIS
.id5-sync.com/	1970-01-19 23:23:27	Name: cf Value:
.id5-sync.com/	1970-01-19 23:23:27	Name: cip Value:
.id5-sync.com/	1970-01-19 23:23:27	Name: cnac Value:
.id5-sync.com/	1970-01-19 23:23:27	Name: car Value:
.id5-sync.com/	1970-01-19 23:23:27	Name: gdpr Value:
.id5-sync.com/	1970-01-19 23:23:27	Name: id5 Value: 61d1ca59-64d0-49d8-b42f-a4d7a28971f8#1639407113150#1
prebidserver.pixfuture.com/	1970-01-20 01:33:03	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJhZG1peGVyb3BlbnJ0YiI6eyJ1aWQiOiI3ZTIxNWI2MDI4Njg0MjM0OTM3NmI1NzBlYTU3ZGEwZCIsImV4cGlyZXMiOiIyMDIxLTEyLTI3VDE0OjUyOjAwLjI0MjM2OTkzOFoifSwiZXBsYW5uaW5nIjp7InVpZCI6IkFIbUYzaWlqQUxpdXJra0IiLCJleHBpcmVzIjoiMjAyMS0xMi0yN1QxNDo1MTo1OS4zNTk0NjU5OTVaIn19LCJiZGF5IjoiMjAyMS0xMi0xM1QxNDo1MTo1OS4zNTk0NTk3MDJaIn0=
.id5-sync.com/	1970-01-19 23:23:27	Name: callback Value:
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 16:55:20	Name: bcookie Value: "v=2&d3dbca0e-6563-4065-82a1-f619a1d64f61"
.linkedin.com/	1970-01-20 16:54:01	Name: li_gc Value: MTswOzE2Mzk0MDcxMjA7MjswMjFALb+tFnplZW82g55F3+Z0WtMmpE5YyDm7AMyU9EC0aQ==
.linkedin.com/	1970-01-19 23:24:53	Name: lidc Value: "b=VGST02:s=V:r=V:a=V:p=V:g=2500:u=1:x=1:i=1639407120:t=1639493520:v=2:sig=AQH1yjzbp4hEibWCWKLatgyh5_dB3kIp"
.audrte.com/	1970-01-19 23:45:03	Name: arcki2 Value: c2hPhaoFXkyQbG-mHz7ZBzgWQ!20210804!1639407120356
.o2online.de/	1970-01-19 23:33:31	Name: webShopPV Value: ?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=25667676_4307561_303197237_146334472_-0&ref=25667676_4307561_303197237_146334472_-0
.pubmatic.com/	1970-01-20 00:06:39	Name: SPugT Value: 1639407119
.crwdcntrl.net/	1970-01-20 05:52:15	Name: _cc_cc Value: "ACZ4XmNQSEtONksyT7FMTE22NEhNTTMyNEg0tUg0TUpOSUlKNTRnAILE7XFCf%2F%2F%2F%2F88P4kAAAOjXD78%3D"
.crwdcntrl.net/	1970-01-20 05:52:15	Name: _cc_aud Value: "ABR4XmNgYGBI3B4nBKSgAAAT2QGJ"

14 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html(Line 520) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=a28b0e9b2cdbb1f5240bb81b525eda0e'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html(Line 521) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=a28b0e9b2cdbb1f5240bb81b525eda0e'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html(Line 522) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a28b0e9b2cdbb1f5240bb81b525eda0e'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html(Line 523) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a28b0e9b2cdbb1f5240bb81b525eda0e'. This request has been blocked; the content must be served over HTTPS.
javascript	error	URL: https://securityaffairs.co/wordpress/125409/malware/moobot-botnet-hikvision.html Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network	error	URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=d3c45572-f3bb-45a6-4f08-50157969e3f9&reqId=1629df10-1e12-42e7-45b0-824325257fc7&zdid=1361 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network	error	URL: https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dd3c45572-f3bb-45a6-4f08-50157969e3f9%26reqId%3D1629df10-1e12-42e7-45b0-824325257fc7%26zdid%3D1361 Message: Failed to load resource: the server responded with a status of 503 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.turn.com
ad4m.at
ads.creative-serving.com
ads.playground.xyz
ads.pubmatic.com
ads.us.e-planning.net
adservice.google.com
adservice.google.de
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
bcp.crwdcntrl.net
beacon.krxd.net
bh.contextweb.com
biddr.brealtime.com
bn01.er.bemail.it
btlr.sharethrough.com
buttons-config.sharethis.com
c1.adform.net
c2shb.ssp.yahoo.com
cdn.pixfuture.com
cm.adgrx.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
cms.quantserve.com
connect.facebook.net
contextual.media.net
core.iprom.net
csync.loopme.me
d.turn.com
d5p.de17a.com
dis.criteo.com
dmp.adform.net
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
google-analytics.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
graph.facebook.com
green.erne.co
gum.criteo.com
hb.emxdgt.com
hbopenbid.pubmatic.com
i0.wp.com
i1.wp.com
i2.wp.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
idsync.frontend.weborama.fr
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
js.cookieless-data.com
l.sharethis.com
lg3.media.net
loadeu.exelator.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
match.taboola.com
maxcdn.bootstrapcdn.com
mug.criteo.com
mwzeom.zeotap.com
navvy.media.net
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
odr.mookie1.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.mathtag.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.sitescout.com
pixel.tapad.com
pixel.wp.com
pixfuture-inv-nyc.admixer.net
pixfuture2-d.openx.net
platform-api.sharethis.com
portal.o2online.de
pr-bh.ybp.yahoo.com
prebid.media.net
prebidserver.pixfuture.com
prg.smartadserver.com
ps.eyeota.net
pubmatic-match.dotomi.com
px.ads.linkedin.com
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb.openx.net
s.ad.smaato.net
s.amazon-adsystem.com
s.e-planning.net
s0.2mdn.net
secure-assets.rubiconproject.com
secure.adnxs.com
secure.gravatar.com
securityaffairs.co
served-by.pixfuture.com
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
stats.wp.com
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.inmobi.com
sync.mathtag.com
sync.richaudience.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.tidaltv.com
t.co
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
tr.blismedia.com
tracking.m6r.eu
trc.taboola.com
u-ams02.e-planning.net
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
usermatch.krxd.net
ws.sharethis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
adservice.google.com
adservice.google.de
api.rlcdn.com
fonts.googleapis.com
googleads.g.doubleclick.net
partner.googleadservices.com
104.111.215.191
104.17.120.107
104.244.42.133
13.32.22.86
142.250.181.226
142.250.185.66
142.250.186.66
146.59.148.16
15.197.193.217
151.1.205.165
151.101.193.108
151.101.2.49
151.101.65.44
157.245.94.128
159.65.197.210
162.55.236.225
169.50.137.184
178.162.133.150
178.250.0.157
178.250.2.151
18.156.0.31
18.156.195.47
18.185.195.105
18.192.161.141
18.195.177.130
185.29.132.245
185.33.221.53
185.33.221.87
185.64.189.110
185.64.189.112
185.64.190.78
185.64.190.80
185.86.138.122
185.86.139.114
188.165.4.142
192.0.76.3
192.0.77.2
193.0.160.128
195.5.165.20
198.47.127.20
2.18.233.180
2.18.233.201
2.18.234.21
2.18.235.93
20.72.149.136
2001:678:cb4:bbbb::11
2001:678:cb4:bbbb::13
2001:8d8:100f:f000::289
204.62.13.72
209.54.180.144
212.82.100.182
213.155.156.166
213.19.147.45
216.52.2.30
23.37.42.132
23.58.216.132
23.79.143.124
23.88.75.189
2600:1f18:6593:f606:5126:e6b:eab6:7393
2600:9000:2057:8600:3:c04e:c780:93a1
2600:9000:206f:3800:c:abe:f440:93a1
2600:9000:211e:f600:1b:5138:8a40:93a1
2602:803:c003:200::51
2606:4700:10::ac43:db6
2606:4700:20::ac43:4671
2606:4700:3039::6815:c099
2606:4700::6812:acf
2620:116:800d:21:f916:5049:f87f:108e
2620:1ec:22::14
2a00:1450:4001:803::2004
2a00:1450:4001:80e::2008
2a00:1450:4001:810::2006
2a00:1450:4001:811::2002
2a00:1450:4001:811::200e
2a00:1450:4001:812::2002
2a00:1450:4001:813::2003
2a00:1450:4001:827::200a
2a00:1450:4001:828::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2001
2a00:1450:4001:831::2002
2a02:2638:1::13
2a02:fa8:8806:13::1400
2a03:2880:f01c:800e:face:b00c:0:2
2a03:2880:f01c:8012:face:b00c:0:3
2a04:4e42:400::300
2a04:fa87:fffe::c000:4902
2a05:d018:24:b001:be6e:d2d6:b7bf:2108
2a05:d018:d29:3605:14b1:76c0:1806:81d9
3.120.52.200
3.127.253.208
3.228.116.73
34.102.149.62
34.102.253.54
34.107.148.139
34.149.20.76
34.194.7.56
34.249.68.36
34.254.143.3
34.96.105.8
34.98.67.61
35.156.230.193
35.186.253.211
35.201.81.244
35.227.248.159
35.244.159.8
35.244.174.68
37.157.2.234
37.157.2.238
46.249.52.248
5.178.65.245
5.178.65.253
51.158.28.83
51.75.146.199
51.89.9.251
52.18.61.23
52.206.55.189
52.215.164.121
52.215.67.233
52.57.150.20
54.228.253.216
54.228.52.99
54.239.37.23
65.9.68.65
66.155.71.149
66.155.71.150
67.202.105.23
68.183.31.14
69.173.144.139
69.173.144.165
72.251.244.142
72.251.245.179
74.214.196.131
82.113.101.132
85.114.159.93
89.163.159.109
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
0423a953637d6aa05ef764fe54a49a387fc61b5d50c65c488815f1dcaf88d803
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
07950a09fba7925fd19fb57100b63b44f631f034eacd0226ce5477e34ef0ca28
08118b89683f56e1195a7fdd320bf6413aed7b73e2eeb8ccbacd59fcbdbd8108
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0fbca756035a8bff7e839d7451867f1aae73d64b865b0f42b93940e41c0aafed
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
119f16a48ee60048587f6148ccd7b4d166b5f77d22ac11c87d665f5dee82fc78
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
149bccf7e467541fc83e870e967ac322b26065e5d6797169c8a677a67db07e60
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
1523ddaa632d195a1240668fb5c6870519e3cdfeabd5a346141bcbb03222e2e7
15d9da2cea018c2a9187c35a9982dd67faf17a0d415961a88c94b2b90e1f09ce
164ee662cc53430214d9f1ab3c8135a1026c568649de2dea2a29d5fd16bff6f4
16a4590dcac18c2fefbc631cf48a2b8f8321e33062100bb3f52b2194b9e86999
175437ab2d5703d39c01d0f479b19f9b1569bfb2cf43dca8cbf30ff962f0f48b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1cc4f4c92b087dcaf73fae7b25faeb55c5b3399e5ccf1d8ac5dbc01231fdb61a
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223
2167552439fde13b52404300959bbd25373d8cb01a7c746f0cbf2e3643ac3ba7
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
24f2b9883093f19992b2e40b1b0c4cde2250ae4e5f3b4052030b59f0c22a84fe
27137d511f74cacf93119bcbd75466a75edeb9589f56f18c3a660ec66c920078
290cdfc5405554e88883ba29d0b9b34d30340e68b6b8c1bb57a917907039bd5e
2918a99471679fcc2d5e894bd19ba00291cc8a0aef8bfd017db1090b1b7a6b2d
292ef2c34596f8931fcda3e68d2ab7daa70fce96be880ca888b0a4d62cc58ec3
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3033677156ff1f9ddd52d8d77b448f9c35c78637f4b258f9b28cf7f8784f4fe6
305586eed15677a63571112dd94407c1661f5274d0713bcfae9a47e09c2cedc3
306077799e243fed89309d0dc36e1916630d54ca941cc5c7645eed34b39136d8
31e970ace5ddc76018ee488a5d09b1dfa427356cda4f6d45d5ecdd234e3d671d
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
374b3f4b68b062d5f9c7780b6cb07c727eade5b469826bf400526e1dd5487edc
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
37cfec1b7d26d6960ccf8965cad6f3c1e90d5edfe258b4d33ffad59b2c0bb319
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d
3959ef50f058794429dbb475c8988f630f9df1a2098e55dc997915bda6500f43
3b853e8d7968c1942cb13e283519e52f1cc0c0cbaea74722f62b828980f70f7e
3bcdac4948fc1b805aa0097d6f8f195fbe6f6a96298da66bf6ad6c71dd98d65e
3c02dc9ea15a979bde47f9fbe57900e338b047b697f85a9c566be50e10514d57
3d01dd12e98951af78127f89c1a9e2d7d39d892e1eeb57ec307bf15bf7ff998c
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f6b03eb8e21a3a28aba3faee92d4dace9ed7a9c9bc408ee25e17a21ab4ae96f
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
4068311a5be67615c4d37b625ca8e478035238d3a51d1aa3f74bd2119c1b2e37
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
444ee2a405e57ede9ef10e17bb58c0351c39e9d21203f242b55a77fd07d30784
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48d363cb5d3e8636be4ebf1fc9e00668fb6c156d32f128b894c9f46fdefe47e6
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46
4d1fcf90268b2a4492c24ceac97deb003669751451c534e83f5a1aa57826fe9a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4eb13ed31317bbf2e5369a19414370e17a8bd90862c504657eec6b7fcdd734b5
4f3c7931a5cffd675d3e3e5619e93b5ae79170492bc2f7551e1280167942f09e
4f6d2f65857a97e5d206912792e430caa2c3ef86338533016af58de57fd70fc3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
506b662b288239dbf6fe294b75eb30cdd8717b4ea53af6503d60bbf010bb11a8
516591b389f99284a8a3cf2c85501080246966a2cb51bdbd87a8e26a717c0640
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
557e499768558e33175f530d34630fcee444aa6085e8f8c109fd2698b44add5a
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58f70af4fa4e149b0eac1d708737f8d500f60c901f57aa37ea38ed58c3e5d1d9
5a25de0ee0917c2a760c0d03028e629863026404aa44422f08a98bb63e349378
5a71333a93fd57712bf26341e5189f64e322905aa97d1bb6cba938e70f3d5e40
5c77f9eb87844fb0b30f369eaa4de51577ca88936a85426353a9082224010d82
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
5f8e10bbeee75f4a9aca7f8f1a343c277f266045692091f79fd21b790cb9a212
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6251b4b4525b9007511a48a6cda9a168f07ff77ccc4dd75759486af624a13301
63969f17db234aba40cccf5e4831784bdce911b186dfacec10efa6242daaedbd
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
668cad8c2067b00d8e27dcad6732e05bebc63ec0b230775dc4395da722615b40
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bde25c28ea0240eed31263ee4dbf26feae769e2ab1df92a06aa83608b0c41bd
6c1d535ae1eb172a8869b52e56802d4f3661cd6a17b32416cceb7382819b7194
6d20d8e0c791ee4484bbdbdf04cac495925861496ea0c2727aeed52784c8f6d8
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1
7056da2488ab42721f92f866eb77c22d5937f24f0ab7dc483cf32c906aeb49dd
70820a30c883b9a4c94a49d2a57a3d0499988dc21f404f38ac450200182f682f
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
764942bafb7fece2c8c6b026e49fc13d48fc2cdbc610bb383685948bee036b2d
76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7
7739eefcdee8afcb00fbe9a35cc795fff0cff7092b10d56c4190484d42892433
792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7ac3f3e3b19e3548f01c98e8baca37d59e1e8ea27f1335f8b153081b36fec423
7f08cbc20ce8865c8bd7e4c5a59151895d51d21bc574c5b30d0a5eb235301b39
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
887f4b4bdb8139f091d1ac2fcfb817704b78aa62793a9837b92d7550383d6de9
8933f6428d4ea56329a61b89865d9e2ef601d915b1ad83f4a71925e2d4efa30d
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335
8d53fc6d842c71696890e115d4f2564114d9fa535d50b1849a6e7bc05b2b15bc
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8e6479cd4913a87170eb62978960f57a2966a67fe1ce10ece3cbf9ee4097aa70
908309ab4bce3ff50d0c47be6a9bc5484ea294b118247eb906dd1ae4d4c394f9
923013054eef1a122e7223144f5989bb905afc34fd55de7100c4b203bba226ed
9360299eebce7c61288e49c12d38b8ba6e35a81e71af64d313a8d88525feb664
94c861b3e4bc918650205113892b86d7768e0fbc75fdfcd8e103e87988eea6aa
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
9c9f3ab5e47f28e9a7f6aa1c6a3f234ff179acb8a7d3bb1459ba834e55d27c51
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9f77f8ef7689073738785568e658a01838e979fa60e7c6874cc91f7279cd95a8
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee
a3c0d6a1ec21864cd81859c59b3bda8520398d0292e3864348808d51bae8400c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
ab407127b6212a0af9b8f9f834f466e1608e0404bf09420b5026813827289edf
aba8ff1f0d8acee4eb692b5075966a3569d01e1a3b0e0bca09bfda8dc6d1356d
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b0534210815c3c9ee7e1df828e0916d2997bf39db55466c2cb7353e423db4499
b0b015ea0baa3a87937815ea6ba5b35f9cca8b4a0aeaa71974892b290d3eb0da
b0c86edaa4a291e472d482d607ca5f16e8d4d55a02c9cace06854f1cd8097b76
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1c4793c00c6995f2393a7bd1e0a6666f6883a10efd9aabefb82495862c1164c
b2aee8a51c45e18adbf31c9c228d5dc54d1430c38c9ad1840bae188dc52db4d1
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b861d116700d312124c4f34326956c0293ef45efc14bbd21f554fdc5bb8f9de9
b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
bc29c34d0738c5cb3f96585219667566799d9e142699e982f9406d5b04fa9794
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c3ecc4e4c47ed04d75d8ac936d99ff03d082fa3b29f58ae025105daee6f6f4f7
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c6420ab9ec6ebff1cd61333dade6ba9ac879d3617a59334148672dee6af12fec
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c792a063064d4372ce9947d49d3d4012fe7e703b5ae2382990094ab5c233c0ba
ca94692f3312412f1b35e13613f61580664f10160e5be7b7290e7fd451f333c3
ccf05a4e434715de9af5ef3a4478dee4bafb5e6cda332370afbe0197b2244c8c
cdada3f4920654a4d75f1546e78c49e2870da8ce2824a379ef06e7b9e799a18d
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cffd4611075122372141b45312bd25709da53032409b6e3c61137494a9b43331
d0aa7ece8e8b2683e65aa5a2c3aaedbf5219081e35ac8b35d0340d3a6dad7302
d3f31f1511c6e170baa35fd0e68b80c55246503f2abfa9cfce349bd7714d8475
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e
d528cc8b301bb63e722aff31e4f02abe2ac17c8ffc021cd1aeb8d6d2ffb48f3d
d90858c97f7ef3de60307392e3630e672e72a035900a90a3ab3b4c67f3fa85d8
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4
d990aff2383d76371c4ad3d4a1aa39d36d2ea4cad513a9026958bc0a80047470
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
da649570efe6e0f30e895ffb94119084b91bdb08e9da5c0836ccbe771f800f2d
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
dc5831dbb36d6ccae8d0cb573b8ac633557744716b7210c462e64678074358fd
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e30e8422e04f3611a397ff94dc8763985e9a8cab1778d524c00e5c12113e009f
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e772aa4a48d9aa880d51ca1ff7496eda4cc2e9dd8995441af74e7081e5b94ef2
e8086d37ec7e070f099e680b743e6d6f0d7c261294e8a48383a754faca44de8a
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
edd780d5731b7dc634109f357152c24775faf80a035ea701691e2320541acfe5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb8c15457d131f3cc9d6e392d26780d5a23eb1edd33c387c46afee03f146857
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e
ff7ca5dd273fd26d8e0e001f3d5da345e8ba0ded91494a7ec2dead5b8b2c1ee6
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

securityaffairs.co Open in urlscan Pro 2001:8d8:100f:f000::289 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

445 Requests

82 %HTTPS

26 %IPv6

95 Domains

151 Subdomains

107 IPs

12 Countries

3907 kBTransfer

7658 kBSize

132 Cookies

20 Outgoing links

Page URL History

Redirected requests

445 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 18 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Screenshot
Live screenshot

Full Image

445
Requests

82 %
HTTPS

26 %
IPv6

95
Domains

151
Subdomains

107
IPs

12
Countries

3907 kB
Transfer

7658 kB
Size

132
Cookies

445 HTTP transactions
18 data transactions