Submitted URL: https://t.co/ms2nVAhQmD
Effective URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Submission: On November 08 via api from CA — Scanned from CA

Summary

This website contacted 123 IPs in 11 countries across 136 domains to perform 906 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany, and belongs to IONOS-AS (the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom, formerly known as 1&1 Internet SE), DE. The main domain is securityaffairs.co.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 24th 2021. Valid for: a year.
This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information


This page contains 157 frames:

Primary Page: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Frame ID: 22E126E89816F098A28788B272F14009
Requests: 178 HTTP requests in this frame

Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: 060B9651F956E40B6035C6580AEC3368
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Frame ID: 0A6CBDC8D2445D4AB0638B7A68F8B4BE
Requests: 23 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: 54CE2ACFC97D98A774D91CA612C50A9E
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/e-planning
Frame ID: EFCC10F2E9635D3E6C7D70F02A4C3003
Requests: 9 HTTP requests in this frame

Frame: https://prebidserver.pixfuture.com:8000/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AOltqTKsRf3LV5Jt
Frame ID: B249044EDA0BA4F2FC28985C324F802C
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=909D4247-195C-4A1C-B725-510C1A2C19E4
Frame ID: 02251B770E29E10CB476F28C5A637D9C
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=&_test=YYlGtQADCzBZAQAz
Frame ID: F1839EBE9735D322214839884D6E2A88
Requests: 1 HTTP requests in this frame

Frame: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Frame ID: E3AC96FF1E61807E4C6C8E718B675605
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 95006C20226FEDBE35CFABED7D8C78FC
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: 4FC770FF1AEA23CD70AD00BEFAB89A4C
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=439792cc-40ab-11ec-918a-3b0a3813f2a6
Frame ID: FCF3F8B49C61EF9FDE71A357AAC8ADD1
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:XuW5Oh981MK6Sp5&gdpr=0&gdpr_consent=
Frame ID: 464324EE44D8127C01AE672501D40A7D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=hUTaF9LeQ2xNm_19Q3CPgCV4zZU
Frame ID: EE28D7BC4FDBDD16877F4003A3A1E7E9
Requests: 1 HTTP requests in this frame

Frame: https://sync.quantumdex.io/setuid?bidder=unruly&uid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Frame ID: 1262CD1A8CEFCE22952B6E412D0A69BE
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 9778411D8D7715C16BADDEFD892C104B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q6896728851048605046
Frame ID: 62E39FA73C7DABE6DD38D0C33B75341C
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=620923216780
Frame ID: 6AAFAFD2EE6F3EF321B1F0CC80CB0E29
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=8fd59bcc-d66b-43c7-9a7e-bd761d6b0394-tuct882cc35&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: F068A055B27B3A193828CC6F755BEFAD
Requests: 1 HTTP requests in this frame

Frame: https://u-iad04.e-planning.net/um?dc=a208d9366469aa64&fi=a925008edff725ea&uid=909D4247-195C-4A1C-B725-510C1A2C19E4
Frame ID: 0C9AFE260B5167A95675FB231E13B9A5
Requests: 1 HTTP requests in this frame

Frame: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Frame ID: 1D3BEBBF5D19A76A7967D7E1B8CEC57C
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210
Frame ID: 040221DC7CDDCBCC260615BD2C1A56D5
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Frame ID: B1D31545AB44C1974B8A574CCBBF7853
Requests: 29 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
Frame ID: F442EF3011870C99085D2CA767CFF5D6
Requests: 14 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: 2200314D141E2124FCE0E438646DBF04
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: 87203930208BAF87BAA673435C8D8814
Requests: 10 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Frame ID: 4A76DEE6E67B9637968A65C8C88E6EB8
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ3FExCr1FUY3pDfuAEwAQ&v=APEucNWa5Thg9BIsJfPl5VSewPfJf0dr04VSNJsB3IAwIcP4s_WQp0tz3ooJqZ2Gz44zpZqiKaUqMEKdAl9BCkvthStTNnlSMQ
Frame ID: 7B0D1EA792679F1E858A9801435351D9
Requests: 5 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=47ba6189-46b6-4f00-a922-0724bc220c16&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
Frame ID: 3D7F7F508E46209F2449F6E4EE65EF91
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhiDks-dATAB&v=APEucNWCShfVHYbJAWJ5paS7sq2hHaJcYa1j1TXvUNZRTCvM1iwrcRg5-buZex2q8dHL12jkg97PopWI4imF2n5NcLwwF_N4sA
Frame ID: F72799C0989AE136CBCE23BA8CA493AC
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 77CE2F20F82B59CC5368199BAB5C1F4F
Requests: 2 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: 79EBB8500483F2EF7274AEB55A415257
Requests: 23 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: DDEED17841D69CA1DF012B934070D27F
Requests: 7 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 59CB0C2EA40ED946758E2EF78F895BE3
Requests: 12 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: CA670D2F0FB47B808025C5D28A75835E
Requests: 13 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Frame ID: F07E106CC37E8E95DB1552C9B9E7100B
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 8EDF083645F290FFE6CAF2395C401569
Requests: 13 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 93D07E0394EFD96CB6B81AD6A9A9B170
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: 7BF8D8CC4A43EB7381DF2278DAF91225
Requests: 25 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 89EC15DD5FFFA766ACB0DB4EA71C255B
Requests: 2 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 8EFF270F27384609865CD2344F720F46
Requests: 12 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 985A4D442EFE919249741C87B8792DDA
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: DFA0F341D0B3CFCAE1C49C0908BEFAFA
Requests: 25 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 9922444FB443B5E8B2840A1A7C97DE02
Requests: 3 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: B71DAFC00DC016B5F086A9D722BC80A3
Requests: 7 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: 7945FBF396E44C49C828384488265640
Requests: 23 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 83702D082443A4BE0013F20E8C116A65
Requests: 3 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: 6C637591A49BE5F12349D72CB0D63FB8
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: B02823BD3117945AC587F4EAA07882E9
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 2200A7F2BCF17A15E90735BBFE02EA05
Requests: 1 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: DDF013A5A65D319D7DC61EDB8425682C
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 0D1C5122D68959699A4E963BB74969A4
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: B6C4E426868C844E1D206201B08ED231
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 55F9F881AC62DCB065E127E96D78CBE8
Requests: 8 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Frame ID: A04B67C33071F6F7590A6EBD01E24BA7
Requests: 1 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Frame ID: 38006DDEED34485727A81967E22D6A00
Requests: 8 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Frame ID: FFBBE6C302B8E47A703561467E83A228
Requests: 16 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Frame ID: 73598D91947FDBD78B4D4A0ADB9A3C43
Requests: 1 HTTP requests in this frame

Frame: https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
Frame ID: 930E2CE464DDEC3F008732D760DA1E74
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Frame ID: 73ACF48AADBE4DD9E7B6407F91F65797
Requests: 16 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Frame ID: 719FAFE34607AC58E6EAC4B931A9C5BC
Requests: 10 HTTP requests in this frame

Frame: https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
Frame ID: 92B163926658AEBCEAE6BEEB6BCFC824
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Frame ID: 7AFCC5B516CBAB9CE22A15E4222159E0
Requests: 1 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Frame ID: 50E52268FFE8D4C5B782FBBA892C0736
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 717F95AA6EA3A4D31C18F5228B99CD26
Requests: 8 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Frame ID: 8A3ABAD496DD6394B08A167D9FE5A41F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Frame ID: DFB2BB92AED691005D4A8357304840A0
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Frame ID: 657A1FF76D3E07EB2DA727A32658F20B
Requests: 16 HTTP requests in this frame

Frame: https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
Frame ID: 4104732D2D9C191FDBA3B390EF78F4AB
Requests: 1 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Frame ID: D4C6C25E42E8A939D53E25F3B1397084
Requests: 8 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Frame ID: 7D0ECC02E9719FF300BD5737597FAE9A
Requests: 16 HTTP requests in this frame

Frame: https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
Frame ID: 9A318E95B6EB5A8796E6ABBACAE4DE55
Requests: 1 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Frame ID: 0C8E77BE61CAA90010E0DA2EDCD8654C
Requests: 8 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Frame ID: 4B4E1E1EB1F71ECF55053D40509CD417
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Frame ID: 8BD5849D2BCC84E1CDD9E4F5CE755ACC
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864872712793880847394129000V10&ovsid=978758875032371846
Frame ID: 1BB26EDF966957256BD326D169B67C56
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159463&userIdMacro=PM_UID&predirect=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dpba%26refUrl%3D%26vid%3D63864872712793880847394129000V10%26ovsid%3DPM_UID
Frame ID: 7076596CC2DC5A024374E6F2554601C0
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864873462793880847394129000V10&ovsid=978758875032371846
Frame ID: F20C3876114AC5E46CE571E5A94D9D6C
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159463&userIdMacro=PM_UID&predirect=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dpba%26refUrl%3D%26vid%3D63864873462793880847394129000V10%26ovsid%3DPM_UID
Frame ID: 9AF2239948882AB63F096AA80797C108
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864873782793880847394129000V10&ovsid=978758875032371846
Frame ID: 67BA4C5E85B43A0B060E40730CC0EE13
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159463&userIdMacro=PM_UID&predirect=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dpba%26refUrl%3D%26vid%3D63864873782793880847394129000V10%26ovsid%3DPM_UID
Frame ID: 5D6E17ED485B18CD5ACBB14CEBC9490D
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159463&userIdMacro=PM_UID&predirect=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dpba%26refUrl%3D%26vid%3D63864874192793880847394129000V10%26ovsid%3DPM_UID
Frame ID: 8C05D0324E3AED85C96036982645D9B2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8B93D8217627863FFB0011CFA0798EE4
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1D09D3C8017C98C6F74623057EE6EE0B
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/lFqatAGMGI5ruFOuc2G8YqsaAHQUb5EGFuJALWeAUJk.js
Frame ID: 4F7813202BB787E5DA18B073B3CC7368
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 6F531C57AE26B4EA734E45112BD2415B
Requests: 2 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978487
Frame ID: 3110A3B5CADCDDE600C08415DC20EDB3
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: CE68D0755BBFCB976DF881F5A63B84A0
Requests: 2 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Frame ID: C5410AAFF05EC1EC4FF0A4F63E21E354
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
Frame ID: 9104C54566FF07424D638FC77B971E6C
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9kNGQ3YmZmYi01ZTNlLTRiYTktOWIwMS1kMjU1NGYxYjUzMDY=&gdpr=0&gdpr_consent=
Frame ID: C75D1FE9B34EC680CBC80EE098494EE1
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: 5540D690FEF82F12581788DF800ECCF0
Requests: 7 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
Frame ID: F4486E25C100F37E95B7AC4951CECCFE
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8XwAAPByeu4AAAAA
Frame ID: 29F3BE4E1E0ADC0BE2944F8DE0D9356A
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
Frame ID: 6276EBEA5864A2D8E7B1AFDCB301733F
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
Frame ID: 7D3B3F00B53D7FA6CE1DA85413B1BADF
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Frame ID: 95DB5055DDF5F782974537EAD4903C4A
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 377DD888F547D76BFBE5E7CF13193CE8
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978488
Frame ID: 71A24DEF104E64A576048CA8832A286E
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: F096C71835ACCDC3DBCC38BF8184452A
Requests: 3 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Frame ID: CB6B27D9F9922F3C7CB85E93741A7B42
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
Frame ID: 8059E7336D4682EDDD3DF5A6FA55D1CC
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9kNGQ3YmZmYi01ZTNlLTRiYTktOWIwMS1kMjU1NGYxYjUzMDY=&gdpr=0&gdpr_consent=
Frame ID: C67EECD6513E6DF8A159277F6435C8D2
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: F4A6AAEF1F98C60884A45A3D4CBD903C
Requests: 6 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
Frame ID: E368D9E18FF90AF0B486CD92A4627CF4
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8XwAAPByevcAAAAA
Frame ID: 0EE43B0CC7F7EB5C59EE78A44CD1074B
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
Frame ID: 313DC75BB74E353665F22BE7DD4A75A8
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
Frame ID: 1A7F345959EB90133F3A296CA1EF9BEB
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: F67B6383454110A8A59C9C470A32F012
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978488
Frame ID: 743E571524BD9A4F0A1778728BE619AE
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: C596087283D5324B0E73C6BCB7AA8F65
Requests: 2 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Frame ID: FF56BC26FAA589D2D5AC624275A1AC01
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
Frame ID: 0B6DF6B9D2EB74BC24E8EE63754FCB59
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9kNGQ3YmZmYi01ZTNlLTRiYTktOWIwMS1kMjU1NGYxYjUzMDY=&gdpr=0&gdpr_consent=
Frame ID: 935A26DCF06C76B9544D7682834D96AB
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Page Title

New Golang-based Crypto worm infects Windows and Linux serversSecurity Affairs

Page Statistics

  • Requests: 906
  • HTTPS: 57 %
  • IPv6: 18 %
  • Domains: 136
  • Subdomains: 223
  • IPs: 123
  • Countries: 11
  • Transfer: 4832 kB
  • Size: 7925 kB
  • Cookies: 347

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/ms2nVAhQmD Page URL
  2. https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f0830e63-3c13-4bc2-5bbe-276457c3e442&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0830e63-3c13-4bc2-5bbe-276457c3e442%26reqId%3D9f19c3ca-11c3-4fb2-628c-957e8f7d28fa%26zdid%3D1361&bounce=1&random=488157151 HTTP 302
  • https://mwzeom.zeotap.com/mw?webouuid=eFY5CKnrQDDz8Rftw4B3Pe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Request Chain 274
  • https://sync.smartadserver.com/getuid?gdpr=0&gdpr_consent=&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D[sas_uid]%26zpartnerid%3D592%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0830e63-3c13-4bc2-5bbe-276457c3e442%26reqId%3D9f19c3ca-11c3-4fb2-628c-957e8f7d28fa%26zdid%3D1361 HTTP 302
  • https://sync.smartadserver.com/getuid?gdpr=0&gdpr_consent=&url=https://mwzeom.zeotap.com/mw?cid=[sas_uid]&zpartnerid=592&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361&cklb=1 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=4432653193161462965
Request Chain 275
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=f0830e63-3c13-4bc2-5bbe-276457c3e442?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=f0830e63-3c13-4bc2-5bbe-276457c3e442?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?pid=5570d12073d005d655e3b9671c26cbf9&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Request Chain 276
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=y-IAky0axE2oppILIJGskF1MvbGAq1jFysuw--~A&zpartnerid=570&env=mWeb
Request Chain 277
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=CAN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=CAN&zdid=1361&cid=qI%2FVFV8XFInIz8qYprCvcT2aRuXp9skD%2BS41iYitP1U%3D
Request Chain 278
  • https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=f0830e63-3c13-4bc2-5bbe-276457c3e442&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=993&env=mWeb&cid=10600910574261568507&zdid=1361&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&w_k=${w_k}&user_zi=${user_zi}&optin=${optin}&uc=${uc}&z_p=${z_p}&gdpr=1&gdpr_consent=
Request Chain 280
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0830e63-3c13-4bc2-5bbe-276457c3e442%26reqId%3D9f19c3ca-11c3-4fb2-628c-957e8f7d28fa%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YYlGtQADCzBZAQAz&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Request Chain 281
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Request Chain 282
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=f0830e63-3c13-4bc2-5bbe-276457c3e442&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=f0830e63-3c13-4bc2-5bbe-276457c3e442&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361&dcc=t
Request Chain 288
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=answermedia&uid=6624566760367890375
Request Chain 289
  • https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-ZHMOgpMYU4Sy97VUWlx8FiFMQ8P0lOmI-7p-N1WlPw
Request Chain 290
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=sonobi&uid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Request Chain 291
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=appnexus&uid=6624566760367890375
Request Chain 292
  • https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-DWGe3ZRE2uE9W5WwSA1PSFfWghO6_q_I9VNM3fQ-~A
Request Chain 293
  • https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=76c2086f-ea18-48df-9400-9341ac1d465a
Request Chain 294
  • https://sync.1rx.io/usersync2/rmphb?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005&rndcb=5676723411 HTTP 302
  • https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=adconductor HTTP 302
  • https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=adconductor HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=969ab515-771e-4a36-b33b-f48fc2378c18&ssp=adconductor HTTP 302
  • https://sync.1rx.io/usersync/bidswitch/85c87065-7ef7-4b17-88e8-8c602c265f67?gdpr=&gdpr_consent= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Request Chain 300
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPJsK0Yy7IOT86qirEHvsU8&google_cver=1
Request Chain 301
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=47ba6189-46b6-4f00-a922-0724bc220c16&expires=28
Request Chain 303
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YYlGtQADCzBZAQAz
Request Chain 304
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTI5Yjk0NWMyYWU4ZWM5ZWIxOGQyMzE1ZDIzMTc5MDM4MTYwMDY3NQ
Request Chain 305
  • https://match.adsrvr.org/track/cmf/rubicon HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=&expires=30
Request Chain 306
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZRVTlIMDMtMVAtNUQzMA==
Request Chain 307
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/alUxRz8jO92aCBpkGKrz_8n5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8029805308033783727
Request Chain 311
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB&dcc=t
Request Chain 312
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEH1sWt7_lsPxoCDM9lkRKYs&google_cver=1
Request Chain 313
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YYlGtSCPhl8A5ZZDXjjRgQAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGK4bIgoKd_9lNiADEr1I_s&google_cver=1
Request Chain 314
  • https://match.adsrvr.org/track/cmf/casale HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&expiration=1638978486&gdpr=0&gdpr_consent=
Request Chain 316
  • https://p.rfihub.com/cm?in=1&pub=2079 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=978758875032371846
Request Chain 317
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=6624566760367890375
Request Chain 318
  • https://beacon.lynx.cognitivlabs.com/ix.gif HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=d94a373b-c211-44ba-8717-a80e29e0f3e1&expiration=1667922486
Request Chain 322
  • https://cm.g.doubleclick.net/pixel?google_nid=retargetly_ddp&google_hm=MGEyZTI4ODgtNzczZC00YWZkLWJmMWItNGM2ZTljMjEwNDJj&google_cm HTTP 302
  • https://app.retargetly.com/sync?pid=11&google_gid=CAESEKgazWiIrb2mZb9McGEYrBU&google_cver=1
Request Chain 324
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3012&partner_device_id=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&_rand=1636386486033 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%252C&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%2C
Request Chain 325
  • https://tags.bluekai.com/site/28347?limit=0&id=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&redir=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%24_BK_UUID%26pid%3D9 HTTP 302
  • https://app.retargetly.com/sync?sid=FaFD%2F999999Bv%2FkC&pid=9
Request Chain 326
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=83i98y4&ttd_tpi=1 HTTP 302
  • https://api.retargetly.com/sync?pid=13&sid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
Request Chain 327
  • https://pixel-sync.sitescout.com/connectors/retargetly/usersync?redir=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%7BuserId%7D%26pid%3D23 HTTP 302
  • https://app.retargetly.com/sync?sid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&pid=23
Request Chain 328
  • https://cms.analytics.yahoo.com/cms?partner_id=RTGLY HTTP 302
  • https://app.retargetly.com/sync?pid=22&sid=y-XkdWwu9E2oJh_i0Gm78c9IFaYeXUGvQ9OUU-~A
Request Chain 329
  • https://secure.adnxs.com/getuid?https://app.retargetly.com/sync?sid=$UID&pid=2 HTTP 302
  • https://app.retargetly.com/sync?sid=6624566760367890375&pid=2
Request Chain 330
  • https://trc.taboola.com/sg/retargetly/1/cm HTTP 302
  • https://app.retargetly.com/sync?pid=39&sid=8fd59bcc-d66b-43c7-9a7e-bd761d6b0394-tuct882cc35
Request Chain 331
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3a%2f%2fapp.retargetly.com%2fsync%3fpid%3d14%26sid%3d%23PM_USER_ID HTTP 302
  • https://app.retargetly.com/sync?pid=14&sid=909D4247-195C-4A1C-B725-510C1A2C19E4
Request Chain 332
  • https://sync.smartadserver.com/getuid?gdpr=0&url=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5Bsas_uid%5D%26pid%3D63 HTTP 302
  • https://sync.smartadserver.com/getuid?gdpr=0&url=https://app.retargetly.com/sync?sid=[sas_uid]&pid=63&cklb=1 HTTP 302
  • https://app.retargetly.com/sync?sid=487468390229988596
Request Chain 333
  • https://sync.teads.tv/rt/sync?vid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&gdpr=0&us_privacy=%221-N-%22 HTTP 302
  • https://app.retargetly.com/sync?pid=51&sid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Request Chain 334
  • https://bcp.crwdcntrl.net/map/c=11530/tp=RTRG/tpid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=11530/tp=RTRG/tpid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Request Chain 338
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YYlGtQADCzBZAQAz
Request Chain 339
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=47ba6189-46b6-4f00-a922-0724bc220c16
Request Chain 340
  • https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-5f78dc28-2a7a-4add-ba0e-548e7a2d227f
Request Chain 341
  • https://match.adsrvr.org/track/cmf/casale HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&expiration=1638978486&gdpr=0&gdpr_consent=
Request Chain 342
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEH1sWt7_lsPxoCDM9lkRKYs&google_cver=1
Request Chain 343
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=961AF1076BCA42258C4489EC777AF824
Request Chain 345
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&pubid=4d443a3ea2
Request Chain 346
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=85c87065-7ef7-4b17-88e8-8c602c265f67&google_hm=ODVjODcwNjUtN2VmNy00YjE3LTg4ZTgtOGM2MDJjMjY1ZjY3 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEGHyNX3Si-8-Wh6uFvekvZk&google_cver=1&ssp=sonobi&bsw_param=85c87065-7ef7-4b17-88e8-8c602c265f67 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=85c87065-7ef7-4b17-88e8-8c602c265f67
Request Chain 347
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=47ba6189-46b6-4f00-a922-0724bc220c16
Request Chain 348
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=R2NDcVdlLXJ2X0FMQkNxQ3FBa0ZCZw&gdpr=&gdpr_consent= HTTP 302
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESENGwBjvJMhZSVJM7jnumHSc&google_cver=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
Request Chain 349
  • https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=978758875032371846
Request Chain 350
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3061&partner_device_id=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%252C&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%2C
Request Chain 351
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=570392714&pt=17&dpn=1&dpt=&trid=&pcid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f HTTP 302
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=570392714&pt=17&dpn=1&dpt=&trid=&pcid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f&ckls=true&ci=XnxJeeNw8N&nc=false&trid=1348526572 HTTP 302
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1709765917%26mi%3D10%26csh%3D570392714%26rnd%3D-1483788077&pcid=$UID HTTP 302
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1709765917&mi=10&csh=570392714&rnd=-1483788077&pcid=6624566760367890375 HTTP 302
  • https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1486637409%26mi%3D10%26csh%3D570392714%3B1709765917%26rnd%3D-2038348771%26pcid%3D HTTP 302
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1486637409&mi=10&csh=570392714;1709765917&rnd=-2038348771&pcid=458e94cb-c120-4ae0-95f6-dc1c4586190f HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1072441116%26mi%3D10%26csh%3D570392714%3B1709765917%3B1486637409%26rnd%3D-34729989%26pcid%3D%24SPOTX_USER_ID HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1072441116%26mi%3D10%26csh%3D570392714%3B1709765917%3B1486637409%26rnd%3D-34729989%26pcid%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=44cea9ba-40ab-11ec-a825-15e8696a0103 HTTP 302
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1072441116&mi=10&csh=570392714;1709765917;1486637409&rnd=-34729989&pcid=44cea979-40ab-11ec-a825-15e8696a0103 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&pu=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1402230080%26mi%3D10%26csh%3D570392714%3B1709765917%3B1486637409%3B1072441116%26rnd%3D1518932529%26pcid%3D%23PMUID HTTP 302
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1402230080&mi=10&csh=570392714;1709765917;1486637409;1072441116&rnd=1518932529&pcid=909D4247-195C-4A1C-B725-510C1A2C19E4 HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10019&redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1678944572%26mi%3D10%26csh%3D570392714%3B1709765917%3B1486637409%3B1072441116%3B1402230080%26rnd%3D-1307652507%26pcid=[MM_UUID] HTTP 302
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1678944572&mi=10&csh=570392714;1709765917;1486637409;1072441116;1402230080&rnd=-1307652507&pcid=47ba6189-46b6-4f00-a922-0724bc220c16 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=12218&nid=2528&put=XnxJeeNw8N&expires=1825&rnd=2133504222
Request Chain 352
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=ZjNiYjBjYTctYmQwNS00OTQyLThmNmMtZDZhOTY1N2UyYjNm HTTP 302
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESEF0CDKViprhr77i3Xyw8QKc&google_cver=1
Request Chain 353
  • https://id5-sync.com/s/434/9.gif?puid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f&gdpr=0&gdpr_consent= HTTP 302
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/434/2/8/2.gif?puid=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/2/8/2.gif?puid=6624566760367890375&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMOgpMYU4Sy97VUWlx8FiFMQ8P0lOmI-7p-N1WlPw&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F3%2F7%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/3/7/3.gif?puid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/k/264.gif?puid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttl=%%TTL%% HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F108%2F5%2F5.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/108/5/5.gif?puid=aec29ca0-3c0f-4554-9025-2ee595f559f2&gdpr=0&gdpr_consent= HTTP 302
  • https://rtd-tm.everesttech.net/upi/pid/dm4ha19W?redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F136%2F4%2F6.gif%3Fpuid%3D%24%7BTM_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://id5-sync.com/c/434/136/4/6.gif?puid=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent= HTTP 302
  • https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY HTTP 303
  • https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&domid=1033 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=1033&ops=apx HTTP 302
  • https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=1033&ops=apx&google_gid=CAESECVbHaqeMk3pzXt9oSLe5qE&google_cver=1 HTTP 303
  • https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESECVbHaqeMk3pzXt9oSLe5qE&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&etid=&domid=1033 HTTP 302
  • https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=6624566760367890375&opid=apx&ops=&utidl=tech:goo:CAESECVbHaqeMk3pzXt9oSLe5qE&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&etid=&domid=1033 HTTP 303
  • https://id5-sync.com/qp/18.gif?puid=vec%3A22332276496&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY HTTP 302
  • https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=0/gdpr_consent=?https://id5-sync.com/c/434/19/2/8.gif?puid=${profile_id}&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/19/2/8.gif?puid=5570d12073d005d655e3b9671c26cbf9&gdpr=0&gdpr_consent= HTTP 302
  • https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ZHMOgpMYU4Sy97VUWlx8FiFMQ8P0lOmI-7p-N1WlPw&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F434%2F916%2F1%2F9.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
Request Chain 370
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
Request Chain 371
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YYlGtSCPhl8A5ZZDXjjRgQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
Request Chain 372
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEAqEpBpv-CC9gsVoKeI31Bw&google_cver=1
Request Chain 373
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYyNDU2Njc2MDM2Nzg5MDM3NQ%3D%3D
Request Chain 393
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=47ba6189-46b6-4f00-a922-0724bc220c16
Request Chain 394
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://p.rfihub.com/cm?in=1&pub=20513&ssp=sonobi HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=978758875032371846&expires=30&ssp=sonobi HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=85c87065-7ef7-4b17-88e8-8c602c265f67
Request Chain 395
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=ZjNiYjBjYTctYmQwNS00OTQyLThmNmMtZDZhOTY1N2UyYjNm HTTP 302
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
Request Chain 396
  • https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=978758875032371846
Request Chain 397
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
Request Chain 402
  • https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined HTTP 302
  • https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined HTTP 307
  • https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Request Chain 420
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=2ea308b6-caf9-46ef-bcb9-6e411187dfed&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
Request Chain 421
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&pubid=0b24fdfc82
Request Chain 422
Request Chain 604
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=2793880847394129000V10 HTTP 302
  • https://contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
Request Chain 605
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1 HTTP 302
  • https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
Request Chain 607
  • https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864873462793880847394129000V10&ovsid=[UID] HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864873462793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Request Chain 608
  • https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dr1%26refUrl%3D%26vid%3D63864873462793880847394129000V10%26ovsid%3D%5BRX_UUID%5D HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=110&redir=https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fcentro%2F2057.4%2F%7BuserId%7D%3Fzcc%3D0%26sspret%3D1&rndcb=7124866955 HTTP 302
  • https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=7124866955
Request Chain 609
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Ddxu%26refUrl%3D%26vid%3D63864873462793880847394129000V10%26ovsid%3D_wfivefivec_ HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864873462793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
Request Chain 610
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dzem%26refUrl%3D%26vid%3D63864873462793880847394129000V10%26ovsid%3D__ZUID__ HTTP 302
  • https://stags.bluekai.com/site/23178?id=dc0acWdifNMAKMlxx4lt&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPLEMMYGCY2XMRUWMTSNIFFU23DYPA2GY5BGOJSWMVLSNQ6SM5DZOBST26TFNUTHM2LEHU3DGOBWGQ4DOMZUGYZDOOJTHA4DAOBUG4ZTSNBRGI4TAMBQKYYTAJTWONUWIPJSG44TGOBYGA4DINZTHE2DCMRZGAYDAVRRGA HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPLEMMYGCY2XMRUWMTSNIFFU23DYPA2GY5BGOJSWMVLSNQ6SM5DZOBST26TFNUTHM2LEHU3DGOBWGQ4DOMZUGYZDOOJTHA4DAOBUG4ZTSNBRGI4TAMBQKYYTAJTWONUWIPJSG44TGOBYGA4DINZTHE2DCMRZGAYDAVRRGA HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&ovsid=dc0acWdifNMAKMlxx4lt&refUrl=&type=zem&vid=63864873462793880847394129000V10&vsid=2793880847394129000V10
Request Chain 611
  • https://ad.turn.com/r/cs?pid=59&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Damb%26refUrl%3D%26vid%3D63864873462793880847394129000V10%26ovsid%3D%23USER_ID%23 HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864873462793880847394129000V10&ovsid=3101355994236352031
Request Chain 613
  • https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=Mjc5Mzg4MDg0NzM5NDEyOTAwMFYxMA%3D%3D&google_sc=1 HTTP 302
  • https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
Request Chain 614
  • https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Drkt%26refUrl%3D%26vid%3D63864873782793880847394129000V10%26ovsid%3D%7Buserid%7D HTTP 302
  • https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864873782793880847394129000V10&ovsid=978758875032371846
Request Chain 615
  • https://dis.criteo.com/dis/usersync.aspx?r=115&p=259&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40 HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=5cba545f-43f7-4e60-9846-afe9aa88eb6c
Request Chain 616
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D&crf=1 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=fb460195-fc0b-5338-9e17-7d70ff9e3bc7&ssp=medianet&expires=30&user_group=1 HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 617
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=2793880847394129000V10 HTTP 302
  • https://contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
Request Chain 618
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1 HTTP 302
  • https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
Request Chain 620
  • https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864873782793880847394129000V10&ovsid=[UID] HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864873782793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Request Chain 621
  • https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dr1%26refUrl%3D%26vid%3D63864873782793880847394129000V10%26ovsid%3D%5BRX_UUID%5D HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=110&redir=https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fcentro%2F2057.4%2F%7BuserId%7D%3Fzcc%3D0%26sspret%3D1&rndcb=4503809472 HTTP 302
  • https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=4503809472
Request Chain 622
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Ddxu%26refUrl%3D%26vid%3D63864873782793880847394129000V10%26ovsid%3D_wfivefivec_ HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864873782793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
Request Chain 623
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dzem%26refUrl%3D%26vid%3D63864873782793880847394129000V10%26ovsid%3D__ZUID__ HTTP 302
  • https://stags.bluekai.com/site/23178?id=CP1QBpRX3UdIKYUVX-Qx&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKDKAYVCQTQKJMDGVLEJFFVSVKWLAWVC6BGOJSWMVLSNQ6SM5DZOBST26TFNUTHM2LEHU3DGOBWGQ4DOMZXHAZDOOJTHA4DAOBUG4ZTSNBRGI4TAMBQKYYTAJTWONUWIPJSG44TGOBYGA4DINZTHE2DCMRZGAYDAVRRGA HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKDKAYVCQTQKJMDGVLEJFFVSVKWLAWVC6BGOJSWMVLSNQ6SM5DZOBST26TFNUTHM2LEHU3DGOBWGQ4DOMZXHAZDOOJTHA4DAOBUG4ZTSNBRGI4TAMBQKYYTAJTWONUWIPJSG44TGOBYGA4DINZTHE2DCMRZGAYDAVRRGA HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&ovsid=CP1QBpRX3UdIKYUVX-Qx&refUrl=&type=zem&vid=63864873782793880847394129000V10&vsid=2793880847394129000V10
Request Chain 624
  • https://ad.turn.com/r/cs?pid=59&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Damb%26refUrl%3D%26vid%3D63864873782793880847394129000V10%26ovsid%3D%23USER_ID%23 HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864873782793880847394129000V10&ovsid=3101355994236352031
Request Chain 626
  • https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=Mjc5Mzg4MDg0NzM5NDEyOTAwMFYxMA%3D%3D&google_sc=1 HTTP 302
  • https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
Request Chain 627
  • https://dis.criteo.com/dis/usersync.aspx?r=115&p=259&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40 HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=551ef6f7-5dc1-4e5f-9bfd-d061d6f90f5b
Request Chain 628
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dmedianet%26bsw_param%3D85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=80&user_id=47ba6189-46b6-4f00-a922-0724bc220c16&expires=30&ssp=medianet&bsw_param=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=0&gdpr_consent= HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=0&gdpr_consent=&gdpr_pd=
Request Chain 629
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=2793880847394129000V10 HTTP 302
  • https://contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
Request Chain 630
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1 HTTP 302
  • https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
Request Chain 632
  • https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864874192793880847394129000V10&ovsid=[UID] HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864874192793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Request Chain 633
  • https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dr1%26refUrl%3D%26vid%3D63864874192793880847394129000V10%26ovsid%3D%5BRX_UUID%5D HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=110&redir=https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fcentro%2F2057.4%2F%7BuserId%7D%3Fzcc%3D0%26sspret%3D1&rndcb=2044825393 HTTP 302
  • https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=2044825393
Request Chain 634
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Ddxu%26refUrl%3D%26vid%3D63864874192793880847394129000V10%26ovsid%3D_wfivefivec_ HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864874192793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
Request Chain 635
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dzem%26refUrl%3D%26vid%3D63864874192793880847394129000V10%26ovsid%3D__ZUID__ HTTP 302
  • https://stags.bluekai.com/site/23178?id=P5m7GJPyKk1ysTdwS0Ap&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKQGVWTOR2KKB4UW2ZRPFZVIZDXKMYEC4BGOJSWMVLSNQ6SM5DZOBST26TFNUTHM2LEHU3DGOBWGQ4DONBRHEZDOOJTHA4DAOBUG4ZTSNBRGI4TAMBQKYYTAJTWONUWIPJSG44TGOBYGA4DINZTHE2DCMRZGAYDAVRRGA HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKQGVWTOR2KKB4UW2ZRPFZVIZDXKMYEC4BGOJSWMVLSNQ6SM5DZOBST26TFNUTHM2LEHU3DGOBWGQ4DONBRHEZDOOJTHA4DAOBUG4ZTSNBRGI4TAMBQKYYTAJTWONUWIPJSG44TGOBYGA4DINZTHE2DCMRZGAYDAVRRGA HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&ovsid=P5m7GJPyKk1ysTdwS0Ap&refUrl=&type=zem&vid=63864874192793880847394129000V10&vsid=2793880847394129000V10
Request Chain 636
  • https://ad.turn.com/r/cs?pid=59&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Damb%26refUrl%3D%26vid%3D63864874192793880847394129000V10%26ovsid%3D%23USER_ID%23 HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864874192793880847394129000V10&ovsid=3101355994236352031
Request Chain 647
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=4&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072977&val=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
Request Chain 649
  • https://us-u.openx.net/w/1.0/cm?id=9e0a35ea-c8e3-4b1b-9efa-4af6f54a373e&r=https://pixel.advertising.com/ups/58294/sync?_origin=1&uid={OPENX_ID} HTTP 302
  • https://pixel.advertising.com/ups/58294/sync?_origin=1&uid=9ceff1f2-550c-485a-82b4-8b353e6dae73 HTTP 302
  • https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=9ceff1f2-550c-485a-82b4-8b353e6dae73&apid=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223
Request Chain 650
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D HTTP 302
  • https://id.rlcdn.com/464246.gif?partner_uid=e7ed0d1d-4021-4473-8eea-cacc90553bc2 HTTP 307
  • https://pippio.com/api/sync?pid=5324&it=1&iv=769dafaf4b42a5209f3ca325287365d05df3d17b41b63da5df0e5684efd6e152791426b5417dce21&_=2 HTTP 307
  • https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d HTTP 302
  • https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d&_expected_cookie=6e89d44063c9dc34ed7aea95b573c19c
Request Chain 651
  • https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072399&val=6624566760367890375
Request Chain 653
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
Request Chain 654
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=4632481810353762187&ssp=gumgum2 HTTP 302
  • https://rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
Request Chain 655
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
Request Chain 656
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://stags.bluekai.com/site/23178?id=P5m7GJPyKk1ysTdwS0Ap&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2UBVNU3UOSSQPFFWWMLZONKGI52TGBAXA&gdpr=0 HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2UBVNU3UOSSQPFFWWMLZONKGI52TGBAXA HTTP 302
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
Request Chain 657
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fappnexus%2F1506%2F%24UID%3Fzcc%3D0%26sspret%3D1&rndcb=5208571362 HTTP 302
  • https://sync.1rx.io/usersync3/appnexus/1506/6624566760367890375?zcc=0&sspret=1&rndcb=5208571362 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-af56c6db-498f-42fc-9369-e44a2dbc1924-005 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rhy&i=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Request Chain 658
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
Request Chain 659
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28UiXTgp2gExnu1evYgEP77I_-3txF-_DMYRl8lXVUFRMxks7_SzK20NzkcwslqJTD%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28UiXTgp2gExnu1evYgEP77I_-3txF-_DMYRl8lXVUFRMxks7_SzK20NzkcwslqJTD%29 HTTP 302
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&obuid=ENC(UiXTgp2gExnu1evYgEP77I_-3txF-_DMYRl8lXVUFRMxks7_SzK20NzkcwslqJTD) HTTP 302
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
  • https://rtb.mfadsrvr.com/sync?ssp=outbrain&ssp_user_id=$D HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=mediaforce&uid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
Request Chain 660
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
Request Chain 662
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
Request Chain 663
  • https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D HTTP 307
  • https://rtb.gumgum.com/usersync?b=snc&i=2C47274610954D7599D13DE37842E238
Request Chain 664
  • https://match.deepintent.com/usersync/142 HTTP 303
  • https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
Request Chain 665
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=idi&i=f01c79f3-9500-4d87-8696-09efc50af0a6
Request Chain 668
  • https://px.owneriq.net/ecmg?google_gid=CAESEMNJaiBEQCnHLEyUt-LJLX8&google_cver=1&google_push=AYg5qPIiZHA7bHfZzgHxe--Ov8uyqAxAg7xHqGE7vJWUHMwXciELo8UlGdTcBWkYWZXhfaZbVpJt2ihTiWu0XlnuIE4Vy2on4ws8a4zr8PledDnzSaOrNHR2F6gAXD_ZR1kHqDlXNXiH6VKPDU4-MmsZ4CA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AYg5qPIiZHA7bHfZzgHxe--Ov8uyqAxAg7xHqGE7vJWUHMwXciELo8UlGdTcBWkYWZXhfaZbVpJt2ihTiWu0XlnuIE4Vy2on4ws8a4zr8PledDnzSaOrNHR2F6gAXD_ZR1kHqDlXNXiH6VKPDU4-MmsZ4CA&google_cver=1&google_gid=CAESEMNJaiBEQCnHLEyUt-LJLX8&google_hm=UTY4OTY3Mjg4NTEwNDg2MDUwNDZQ
Request Chain 669
  • https://sync.extend.tv/r.gif?exchange=googleadx&google_gid=CAESEOm-u-CaCGw3Xj87yZll_Ig&google_cver=1&google_push=AYg5qPKm6cQZ-n06tHHjdT8M1_vggUo8_EZoqphj7w0wSVr_SAjprdAE8Y9JGX5_b2f5qyRg3UwKVgPnxNcOuo6cJ5WgZGCtDKUJEcPTFZiKoA-nFizVp1W4u5G2HMt9NU2Mcu53uUbHaYqD6lIEqiyFty0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=extendtv&google_push=AYg5qPKm6cQZ-n06tHHjdT8M1_vggUo8_EZoqphj7w0wSVr_SAjprdAE8Y9JGX5_b2f5qyRg3UwKVgPnxNcOuo6cJ5WgZGCtDKUJEcPTFZiKoA-nFizVp1W4u5G2HMt9NU2Mcu53uUbHaYqD6lIEqiyFty0
Request Chain 671
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEInc8U_xvsyPpcY_SJys-pE&google_cver=1&google_push=AYg5qPJWNPUB9_jAWIa9lNbVZed7ymW_8L6i4hflmV0TsZ7txKhkNlv8IgcWQbbmYhN59PtsnGHNRwNXPzidIFL0szEPsf8FuUVW2j6AgPsxjGVk9ufB8ba7OTjk7hQLqp10t703ppU6OKnzXfwkYNw-Uis HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=kJ1CRxlcShy3JVEMGiwZ5A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJWNPUB9_jAWIa9lNbVZed7ymW_8L6i4hflmV0TsZ7txKhkNlv8IgcWQbbmYhN59PtsnGHNRwNXPzidIFL0szEPsf8FuUVW2j6AgPsxjGVk9ufB8ba7OTjk7hQLqp10t703ppU6OKnzXfwkYNw-Uis
Request Chain 672
  • https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHcxf1X929TlITJiG_Ek30E&google_cver=1&google_push=AYg5qPL49ZEa_g_ehn7l29sOLT57IF8YkKagHCMatIeg7m4HyUqDXaDuYsNCaqD_5wEd2h4OUqey-pFSCWyntQJWKP79e5SjXLLixlEa67FUn8pwWkXmJAsIKa_cudg3seLEldluByL1ZxpHxEiM7xx0beE HTTP 302
  • https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHcxf1X929TlITJiG_Ek30E&google_cver=1&google_push=AYg5qPL49ZEa_g_ehn7l29sOLT57IF8YkKagHCMatIeg7m4HyUqDXaDuYsNCaqD_5wEd2h4OUqey-pFSCWyntQJWKP79e5SjXLLixlEa67FUn8pwWkXmJAsIKa_cudg3seLEldluByL1ZxpHxEiM7xx0beE&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHcxf1X929TlITJiG_Ek30E&google_cver=1&google_push=AYg5qPL49ZEa_g_ehn7l29sOLT57IF8YkKagHCMatIeg7m4HyUqDXaDuYsNCaqD_5wEd2h4OUqey-pFSCWyntQJWKP79e5SjXLLixlEa67FUn8pwWkXmJAsIKa_cudg3seLEldluByL1ZxpHxEiM7xx0beE&apid=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA0NGI4Y2U0MS00MGFiLTExZWMtYmI3Yi0wMmM0Yjk1NWEyMjM%3D&google_push=AYg5qPL49ZEa_g_ehn7l29sOLT57IF8YkKagHCMatIeg7m4HyUqDXaDuYsNCaqD_5wEd2h4OUqey-pFSCWyntQJWKP79e5SjXLLixlEa67FUn8pwWkXmJAsIKa_cudg3seLEldluByL1ZxpHxEiM7xx0beE
Request Chain 673
  • https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESEKOE339-WwD4sDvXf4cLI-k&google_cver=1&google_push=AYg5qPI-Iw_KbRtybx7cc1ffIMbP4mPB7oBlGwn57qvVFaZ5bD--P-_PLUW1ad8Zhwvbv2ooZuhq6GeZFEmYE1pPSxw4q2z-rKYKaedEL2CZIO5aiWBSBM7TfL7bl14S-Tk8tzm4YGmHpCxGMUD-5tgnLOLz HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=JiledOSeT9u8PNbuoq39nw==&no_redirect=1&google_push=AYg5qPI-Iw_KbRtybx7cc1ffIMbP4mPB7oBlGwn57qvVFaZ5bD--P-_PLUW1ad8Zhwvbv2ooZuhq6GeZFEmYE1pPSxw4q2z-rKYKaedEL2CZIO5aiWBSBM7TfL7bl14S-Tk8tzm4YGmHpCxGMUD-5tgnLOLz
Request Chain 678
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978487
Request Chain 679
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 680
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Request Chain 681
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
Request Chain 683
  • https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X HTTP 302
  • https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Request Chain 684
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID HTTP 302
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID&b64_redirect=aHR0cHM6Ly9ydGIuZ3VtZ3VtLmNvbS91c2Vyc3luYz9iPWVteCZpPSRFTVhVSUQ= HTTP 302
  • https://cs.emxdgt.com/umcheck?apnxid=6624566760367890375&redirect=https://rtb.gumgum.com/usersync?b=emx&i=$EMXUID&b64_redirect=aHR0cHM6Ly9ydGIuZ3VtZ3VtLmNvbS91c2Vyc3luYz9iPWVteCZpPSRFTVhVSUQ= HTTP 302
  • https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
Request Chain 685
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8XwAAPByeu4AAAAA
Request Chain 686
  • https://p.rfihub.com/cm?pub=42796&in=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
Request Chain 687
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
Request Chain 689
  • https://um.simpli.fi/ox_match HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=961AF1076BCA42258C4489EC777AF824
Request Chain 690
  • https://i.liadm.com/s/57424?bidder_id=206088&bidder_uuid=b29daeff-babc-4862-9315-b63923589bf5 HTTP 303
  • https://i.liadm.com/s/57424?bidder_id=206088&bidder_uuid=b29daeff-babc-4862-9315-b63923589bf5&_li_chk=true&previous_uuid=e8a522baae4c4000a288b0f0fb28dc1d HTTP 303
  • https://i.liadm.com/s/64716?md5=&sha1=&sha2=&bidder_id=206088&bidder_uuid=b29daeff-babc-4862-9315-b63923589bf5&previous_uuid=bfd238fe80bf4ae3bed5bb0ab4ca9fcd HTTP 303
  • https://i6.liadm.com/s/64716?sha1=&bidder_id=206088&sha2=&bidder_uuid=b29daeff-babc-4862-9315-b63923589bf5&md5=
Request Chain 692
  • https://rtb.openx.net/sync/dds HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=bX34RyTgyz035waIetdgoA==&ox_sc=1&ox_init=1 HTTP 302
  • https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
Request Chain 693
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=536872786&val=47ba6189-46b6-4f00-a922-0724bc220c16
Request Chain 694
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://us-u.openx.net/w/1.0/sd?id=537073028&val=${ADELPHIC_CUID} HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537073028&val=43ca9dab-40ab-11ec-9d66-2b2cac59886f
Request Chain 695
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
Request Chain 696
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=gumgum2&bsw_custom_parameter=85c87065-7ef7-4b17-88e8-8c602c265f67 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=acaccc5b-16df-46aa-89a5-cf714a54628c&ssp=gumgum2&expires=30&user_group=5&bsw_param=85c87065-7ef7-4b17-88e8-8c602c265f67 HTTP 302
  • https://rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
Request Chain 697
  • https://ssc-cms.33across.com/ps/?xi=107&xu=ue1-sb1-95be7682-44f5-4f7d-92c1-e6300ddea10d HTTP 302
  • https://cms-xch-chicago.33across.com/match?bidder_id=107&external_user_id=ue1-sb1-95be7682-44f5-4f7d-92c1-e6300ddea10d&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 847
  • https://pixel.advertising.com/ups/58410/sync?gdpr=&gdpr_consent=&redir=true&us_privacy= HTTP 302
  • https://ups.analytics.yahoo.com/ups/58410/sync?gdpr=&gdpr_consent=&redir=true&us_privacy=&apid=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223 HTTP 302
  • https://ssc-cms.33across.com/ps/?xi=108&xu=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223 HTTP 302
  • https://cms-xch-chicago.33across.com/match?bidder_id=108&external_user_id=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 849
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1388&partner_device_id=hPS7qGGJRrcR45bsJK7TYw%3D%3D&us_privacy=&random=1636386488322.5&redirect=https%3A%2F%2Fthinkcxad.azurewebsites.net%2Fapi%2Fpixel%3Fid%3D%24%7BTA_DEVICE_ID%7D%26partner%3DTAPAD HTTP 302
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3Daec29ca0-3c0f-4554-9025-2ee595f559f2%252Chttps%253A%252F%252Fusermatch.krxd.net%252Fum%252Fv2%253Fpartner%253Dtapad HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=6624566760367890375&pt=aec29ca0-3c0f-4554-9025-2ee595f559f2%2Chttps%3A%2F%2Fusermatch.krxd.net%2Fum%2Fv2%3Fpartner%3Dtapad HTTP 302
  • https://usermatch.krxd.net/um/v2?partner=tapad HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1969&partner_device_id=OeEHC_iZ&partner_url=https://beacon.krxd.net/usermatch.gif?partner%3Dtapad%26partner_uid%3D$%7BTA_DEVICE_ID%7D HTTP 302
  • https://beacon.krxd.net/usermatch.gif?partner=tapad&partner_uid=aec29ca0-3c0f-4554-9025-2ee595f559f2
Request Chain 850
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fxi%3D107%26xu%3D HTTP 302
  • https://ssc-cms.33across.com/ps/?xi=107&xu=ue1-sb1-6f3fcf90-08fa-4fe3-b170-bd10b0eda633 HTTP 302
  • https://cms-xch-chicago.33across.com/match?bidder_id=107&external_user_id=ue1-sb1-6f3fcf90-08fa-4fe3-b170-bd10b0eda633&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 851
  • https://pixel.advertising.com/ups/58410/sync?gdpr=&gdpr_consent=&redir=true&us_privacy= HTTP 302
  • https://ups.analytics.yahoo.com/ups/58410/sync?gdpr=&gdpr_consent=&redir=true&us_privacy=&apid=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223 HTTP 302
  • https://ssc-cms.33across.com/ps/?xi=108&xu=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223 HTTP 302
  • https://cms-xch-chicago.33across.com/match?bidder_id=108&external_user_id=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 852
  • https://ssc-cms.33across.com/ps/?_=1636386488370.&ri=0013300001r0t9mAAA&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X HTTP 302
  • https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
Request Chain 854
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1388&partner_device_id=hPS7qGGJRrcR45bsJK7TYw%3D%3D&us_privacy=&random=1636386488370.5&redirect=https%3A%2F%2Fthinkcxad.azurewebsites.net%2Fapi%2Fpixel%3Fid%3D%24%7BTA_DEVICE_ID%7D%26partner%3DTAPAD HTTP 302
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3Daec29ca0-3c0f-4554-9025-2ee595f559f2%252Chttps%253A%252F%252Fusermatch.krxd.net%252Fum%252Fv2%253Fpartner%253Dtapad HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=6624566760367890375&pt=aec29ca0-3c0f-4554-9025-2ee595f559f2%2Chttps%3A%2F%2Fusermatch.krxd.net%2Fum%2Fv2%3Fpartner%3Dtapad HTTP 302
  • https://usermatch.krxd.net/um/v2?partner=tapad HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1969&partner_device_id=OeEHC_iZ&partner_url=https://beacon.krxd.net/usermatch.gif?partner%3Dtapad%26partner_uid%3D$%7BTA_DEVICE_ID%7D HTTP 302
  • https://beacon.krxd.net/usermatch.gif?partner=tapad&partner_uid=aec29ca0-3c0f-4554-9025-2ee595f559f2
Request Chain 855
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fxi%3D107%26xu%3D HTTP 302
  • https://ssc-cms.33across.com/ps/?xi=107&xu=ue1-sb1-aac4b4ad-72e2-4304-9ea7-b6e578416ced HTTP 302
  • https://cms-xch-chicago.33across.com/match?bidder_id=107&external_user_id=ue1-sb1-aac4b4ad-72e2-4304-9ea7-b6e578416ced&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 856
  • https://pixel.advertising.com/ups/58410/sync?gdpr=&gdpr_consent=&redir=true&us_privacy= HTTP 302
  • https://ups.analytics.yahoo.com/ups/58410/sync?gdpr=&gdpr_consent=&redir=true&us_privacy=&apid=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223 HTTP 302
  • https://ssc-cms.33across.com/ps/?xi=108&xu=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223 HTTP 302
  • https://cms-xch-chicago.33across.com/match?bidder_id=108&external_user_id=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 857
  • https://ssc-cms.33across.com/ps/?_=1636386488375.&ri=0013300001r0t9mAAA&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X HTTP 302
  • https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
Request Chain 859
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1388&partner_device_id=hPS7qGGJRrcR45bsJK7TYw%3D%3D&us_privacy=&random=1636386488375.5&redirect=https%3A%2F%2Fthinkcxad.azurewebsites.net%2Fapi%2Fpixel%3Fid%3D%24%7BTA_DEVICE_ID%7D%26partner%3DTAPAD HTTP 302
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3Daec29ca0-3c0f-4554-9025-2ee595f559f2%252Chttps%253A%252F%252Fusermatch.krxd.net%252Fum%252Fv2%253Fpartner%253Dtapad HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=6624566760367890375&pt=aec29ca0-3c0f-4554-9025-2ee595f559f2%2Chttps%3A%2F%2Fusermatch.krxd.net%2Fum%2Fv2%3Fpartner%3Dtapad HTTP 302
  • https://usermatch.krxd.net/um/v2?partner=tapad HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1969&partner_device_id=OeEHC_iZ&partner_url=https://beacon.krxd.net/usermatch.gif?partner%3Dtapad%26partner_uid%3D$%7BTA_DEVICE_ID%7D HTTP 302
  • https://beacon.krxd.net/usermatch.gif?partner=tapad&partner_uid=aec29ca0-3c0f-4554-9025-2ee595f559f2
Request Chain 861
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy= HTTP 302
  • https://ssc-cms.33across.com/ps/?xi=1&xu=KVQU9H03-1P-5D30 HTTP 302
  • https://cms-xch-chicago.33across.com/match?bidder_id=30&external_user_id=KVQU9H03-1P-5D30&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 862
  • https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=mag&i=KVQU9H03-1P-5D30
Request Chain 867
  • https://openx2-match.dotomi.com/match/bounce/current?networkId=15900&version=1&nuid={OX_USER_ID} HTTP 302
  • https://openx2-match.dotomi.com/match/bounce/current?DotomiTest=105dec247a91122e&is_secure=true&networkId=15900&version=1&nuid=%7BOX_USER_ID%7D HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072954&val=AAAGdRmRckETjwNOjBjIAAAAAAA&expiration=1636472889&nuid={OX_USER_ID}&is_secure=true
Request Chain 868
  • https://px.owneriq.net/eox HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537073059&val=Q6896728851048605046P
Request Chain 871
  • https://us-u.openx.net/w/1.0/cm?id=b9f5c7de-85f6-48cc-ba86-351b90373b6b&r=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db12%26redirect%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537141727%2526val%253D%2524TF_USER_ID_ENC%2524%26u%3D HTTP 302
  • https://a.tribalfusion.com/i.match?p=b12&redirect=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537141727%26val%3D%24TF_USER_ID_ENC%24&u=bb1003c6-1819-4b8d-a6c8-f4d85b10a226 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537141727&val=18072662304193162968
Request Chain 872
  • https://sync.1rx.io/usersync/openx/211d6219-f6d3-4078-817e-13d70f761666 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Request Chain 873
  • https://match.prod.bidr.io/cookie-sync/ox HTTP 303
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AACqDk7DEo0AABkfKQPxKQ&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Csyn%252Cpp%252Cox%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dox%26bee_sync_hop_count%3D1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Csyn%2Cpp%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=ox&bee_sync_hop_count=1
Request Chain 875
  • https://oxp.mxptint.net/OpenX.ashx HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537116306&val=R1B331_E63D087A_53B0049B
Request Chain 892
  • https://pixfuture-inv-nyc.admixer.net/adxcm.aspx?gdpr=&gdpr_consent=&us_privacy=&redir=1&rurl=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Dadmixeropenrtb%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24%24visitor_cookie%24%24 HTTP 302
  • https://prebidserver.pixfuture.com:8000/setuid?bidder=admixeropenrtb&gdpr=&gdpr_consent=&f=i&uid=4531b6f0825142aea016f01dfd7f8c3e
Request Chain 895
  • https://sync-tm.everesttech.net/upi/pid/bsTd8NdE?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1811%2Ftp%3DTBMG%2Ftpid%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://sync.crwdcntrl.net/map/c=1811/tp=TBMG/tpid=YYlGtQADCzBZAQAz
Request Chain 896
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/5570d12073d005d655e3b9671c26cbf9/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D HTTP 302
  • https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3101355994236352031
Request Chain 897
  • https://sync.mathtag.com/sync/img?sync=auto&mt_exid=10040&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D4735%26tp%3DMDMA%26tpid%3D%5BMM_UUID%5D HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=47ba6189-46b6-4f00-a922-0724bc220c16
Request Chain 898
  • https://global.ib-ibi.com/image.sbxx?go=262106&pid=420&xid=5570d12073d005d655e3b9671c26cbf9 HTTP 302
  • https://ib.mookie1.com/image.sbxx?go=262106&pid=420&xid=5570d12073d005d655e3b9671c26cbf9
Request Chain 899
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=5570d12073d005d655e3b9671c26cbf9&gdpr=0&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://dpm.demdex.net/ibs:dpid=540&dpuuid=aec29ca0-3c0f-4554-9025-2ee595f559f2&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DADB%26partner_device_id%3D%24%7BDD_UUID%7D%26pt%3Daec29ca0-3c0f-4554-9025-2ee595f559f2%252Chttps%253A%252F%252Fsync.crwdcntrl.net%252Fmap%252Fc%253D10158%252Ftp%253DTPAD%252Ftpid%253Daec29ca0-3c0f-4554-9025-2ee595f559f2 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_device_id=64726530674853989592561403219984982038&pt=aec29ca0-3c0f-4554-9025-2ee595f559f2%2Chttps%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpid%3Daec29ca0-3c0f-4554-9025-2ee595f559f2 HTTP 302
  • https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=aec29ca0-3c0f-4554-9025-2ee595f559f2
Request Chain 901
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/a?adform_uid=4632481810353762187 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=&google_gid=CAESEBgzdWek5j7WERnJEKP6-L4&google_cver=1 HTTP 302
  • https://ps.eyeota.net/match?bid=kh51m51&uid=cilEvucxbC8TKWVP5WiP8KMYQ&gdpr=0&gdpr_consent=
Request Chain 902
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=cilEvucxbC8TKWVP5WiP8KMYQ&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=cilEvucxbC8TKWVP5WiP8KMYQ&gdpr=0&gdpr_consent=&google_gid=CAESEBgzdWek5j7WERnJEKP6-L4&google_cver=1 HTTP 302
  • https://a.audrte.com/p

906 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
ms2nVAhQmD
t.co/
422 B
666 B
Document
General
Full URL
https://t.co/ms2nVAhQmD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
55d8b7ff6d1b91ce802dd52df0b3e868db35968c2f99bb1acbfd7dfba447b4a2
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9

Response headers

date
Mon, 08 Nov 2021 15:48:00 GMT
vary
Origin
server
tsa_b
expires
Mon, 08 Nov 2021 15:53:01 GMT
content-type
text/html; charset=utf-8
cache-control
private,max-age=300
content-length
232
content-encoding
gzip
x-xss-protection
0
strict-transport-security
max-age=0
x-response-time
23
x-connection-hash
dcbaa2e5f6ce9ecd1fc8fcb025ec6d35e32adfc8c5472a44f54542dc719e3c44
Primary Request golang-based-worm-windows-linux.html
securityaffairs.co/wordpress/112825/malware/
93 KB
25 KB
Document
General
Full URL
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Requested by
Host: t.co
URL: https://t.co/ms2nVAhQmD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
256419b7fb90970b8d38d8ed93f019058c1cba33b45fd55b12cdd3cbcc8c4273

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://t.co/

Response headers

content-type
text/html; charset=UTF-8
date
Mon, 08 Nov 2021 15:48:01 GMT
server
Apache
x-pingback
https://securityaffairs.co/wordpress/xmlrpc.php
link
<https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/112825>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=112825>; rel=shortlink
content-encoding
gzip
js
www.googletagmanager.com/gtag/
89 KB
36 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-59069958-1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
eb1585ad47dc4de0b5593f74beb232a46e949c662d8701678b46f212ced7094f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35869
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 08 Nov 2021 15:48:03 GMT
style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/
91 KB
91 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
175437ab2d5703d39c01d0f479b19f9b1569bfb2cf43dca8cbf30ff962f0f48b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Fri, 23 Jul 2021 22:11:52 GMT
server
Apache
accept-ranges
bytes
etag
"16cb1-5c7d1b0db415e"
content-length
93361
content-type
text/css
mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/
11 KB
11 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"2bf8-5b61073af996a"
content-length
11256
content-type
text/css
wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/
5 KB
5 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 13 Nov 2019 23:52:08 GMT
server
Apache
accept-ranges
bytes
etag
"1360-597430d7ee92b"
content-length
4960
content-type
text/css
cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/
3 KB
3 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 29 Sep 2021 22:16:12 GMT
server
Apache
accept-ranges
bytes
etag
"c25-5cd29ad8a380c"
content-length
3109
content-type
text/css
cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/
28 KB
28 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1523ddaa632d195a1240668fb5c6870519e3cdfeabd5a346141bcbb03222e2e7

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 29 Sep 2021 22:16:12 GMT
server
Apache
accept-ranges
bytes
etag
"7045-5cd29ad8a380c"
content-length
28741
content-type
text/css
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/
23 KB
6 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
617, 617
age
2075637
cdn-cachedat
2021-06-08 14:24:33
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
82275b94124b90c531a8315b39d5d0dc
cf-ray
6aaff1802f1a7139-YUL
cdn-requestcountrycode
US
cdn-status
200
cdn-requestpullsuccess
True
custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/
19 KB
20 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 16 Dec 2015 13:54:59 GMT
server
Apache
accept-ranges
bytes
etag
"4d92-52704407f72c0"
content-length
19858
content-type
text/css
tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
539 B
683 B
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"21b-526fe6d7cd700"
content-length
539
content-type
text/css
flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/
6 KB
6 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 16 Dec 2015 13:55:09 GMT
server
Apache
accept-ranges
bytes
etag
"1851-5270441180940"
content-length
6225
content-type
text/css
animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
2 KB
2 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"6b4-526fe6d5e5280"
content-length
1716
content-type
text/css
font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
17 KB
18 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"4574-526fe6d5e5280"
content-length
17780
content-type
text/css
swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
4 KB
5 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"118d-526fe6e527680"
content-length
4493
content-type
text/css
jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
334 B
478 B
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"14e-526fe6d5e5280"
content-length
334
content-type
text/css
screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
110 KB
110 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"1b844-526fe6d7cd700"
content-length
112708
content-type
text/css
custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/
12 KB
12 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
content-type
text/css; charset: UTF-8;charset=UTF-8
server
Apache
grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
49 KB
50 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 16 Dec 2015 06:58:03 GMT
server
Apache
accept-ranges
bytes
etag
"c5f2-526fe6d6d94c0"
content-length
50674
content-type
text/css
sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/
19 KB
19 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=10.3
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8e6479cd4913a87170eb62978960f57a2966a67fe1ce10ece3cbf9ee4097aa70

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Tue, 02 Nov 2021 22:42:56 GMT
server
Apache
accept-ranges
bytes
etag
"4cb9-5cfd603c190ea"
content-length
19641
content-type
text/css
social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/
12 KB
12 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=10.3
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Tue, 02 Nov 2021 22:42:55 GMT
server
Apache
accept-ranges
bytes
etag
"312f-5cfd603af31d5"
content-length
12591
content-type
text/css
frontend-gtag.js
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/
28 KB
28 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.js?ver=1636386482
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b0534210815c3c9ee7e1df828e0916d2997bf39db55466c2cb7353e423db4499

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 29 Sep 2021 22:16:15 GMT
server
Apache
accept-ranges
bytes
etag
"6ffc-5cd29adbd0faf"
content-length
28668
content-type
application/javascript
jquery.js
securityaffairs.co/wordpress/wp-includes/js/jquery/
282 KB
282 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Fri, 23 Jul 2021 22:11:53 GMT
server
Apache
accept-ranges
bytes
etag
"46758-5c7d1b0e12d00"
content-length
288600
content-type
application/javascript
jquery-migrate.js
securityaffairs.co/wordpress/wp-includes/js/jquery/
25 KB
25 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"62d4-5b61073af5aea"
content-length
25300
content-type
application/javascript
cookie-law-info-public.js
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/
34 KB
35 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
7739eefcdee8afcb00fbe9a35cc795fff0cff7092b10d56c4190484d42892433

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Wed, 29 Sep 2021 22:16:12 GMT
server
Apache
accept-ranges
bytes
etag
"8960-5cd29ad8a47ac"
content-length
35168
content-type
application/javascript
medianetAdInjector.js
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/
562 B
716 B
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:03 GMT
last-modified
Sat, 08 May 2021 23:27:41 GMT
server
Apache
accept-ranges
bytes
etag
"232-5c1d9e407bb22"
content-length
562
content-type
application/javascript
st_insights.js
ws.sharethis.com/button/
26 KB
8 KB
Script
General
Full URL
https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211c:4e00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
149bccf7e467541fc83e870e967ac322b26065e5d6797169c8a677a67db07e60

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 13:49:33 GMT
content-encoding
gzip
server
nginx/1.20.1
age
179910
etag
W/"6179dc14-6746"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 5454d86d310d617ffa6cdf566f06caaf.cloudfront.net (CloudFront)
cache-control
max-age=259200
x-amz-cf-pop
ATL50-C1
x-robots-tag
noindex, nofollow
content-length
7654
x-amz-cf-id
8gjIofohch6FeIFwhbKvUTj3fCUeVvB77OQJxMubxyvysQhDSHTb4Q==
expires
Tue, 09 Nov 2021 13:49:33 GMT
sharethis.js
platform-api.sharethis.com/js/
183 KB
41 KB
Script
General
Full URL
https://platform-api.sharethis.com/js/sharethis.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.109.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-109-18.atl50.r.cloudfront.net
Software
/
Resource Hash
b3dca6992b4f8770bc3dba5f82f6325a82d2adabf685da88d950f6fe87b16716

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:42:19 GMT
content-encoding
gzip
age
344
etag
W/"2dcf1-RQaJcGO9+DuZ32kDJGMESLkOoPg"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 ac6d3ab4aab5e523a11b2a06316d1043.cloudfront.net (CloudFront)
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-amz-cf-pop
ATL50-C1
x-amz-cf-id
RsTQUNkwMdkfpT46hKFOL_rSjFeHwRp1jf1cxnJzL2sbIPaiMduLEA==
dmedianet.js
contextual.media.net/
159 KB
54 KB
Script
General
Full URL
https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d830f72f45dfe720fbb241bac171d7bc6068c4d8fc8447fd8c50e66d3b678bdc
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-mnt-h
8-9
content-encoding
gzip
server
Apache
etag
"c992a0e077b5b9ea91fd8b2bba7a535a"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=300
date
Mon, 08 Nov 2021 15:48:04 GMT
strict-transport-security
max-age=604800
x-mnt-w
8-12
expires
Mon, 08 Nov 2021 15:53:04 GMT
logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/
44 KB
44 KB
Image
General
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 17:30:42 GMT
server
Apache
accept-ranges
bytes
etag
"b0e9-5270743f5f480"
content-length
45289
content-type
image/png
headerbid.js
served-by.pixfuture.com/www/delivery/
973 B
1 KB
Script
General
Full URL
https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Tue, 02 Mar 2021 20:36:48 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"603ea1e0-3cd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
973
expires
Wed, 10 Nov 2021 15:48:04 GMT
facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/
514 B
672 B
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
2bae9fc3e57c860103d1e03360ba3246e3b6c5bcaa6f3183ce8066cc69843a5d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc
HIT yyz 1
date
Mon, 08 Nov 2021 15:48:04 GMT
x-content-type-options
nosniff
last-modified
Wed, 21 Jul 2021 21:48:44 GMT
server
nginx
etag
"4014833baabd47c5"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length
514
expires
Sat, 22 Jul 2023 09:48:44 GMT
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
816b387ca3b21f93ed65ca4cc8195ad660608a5c36bbc8875904b4eba630bffb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
8yBSdgDHKZfDhvdfGzaCJw==
cross-origin-resource-policy
cross-origin
expires
Mon, 08 Nov 2021 15:56:24 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1688
x-fb-rlafr
0
x-fb-debug
MXnxO8q+kxOQKYdgMvwtgSwk9dqkuZcBMkCjKZzyDu9fw7x/OXQyjdMW37yre219TdYyUZGkO0af9O/S6SQHEg==
x-fb-trip-id
1512268381
x-fb-content-md5
b0baf08f0e72cd9b56dc96e7f48c5cb9
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Mon, 08 Nov 2021 15:48:04 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"7b463b8e0b6cfc8e5b96b91441a5a53e"
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
twemoji.js
securityaffairs.co/wordpress/wp-includes/js/
31 KB
31 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Fri, 23 Jul 2021 22:11:53 GMT
server
Apache
accept-ranges
bytes
etag
"7cdc-5c7d1b0e301c1"
content-length
31964
content-type
application/javascript
wp-emoji.js
securityaffairs.co/wordpress/wp-includes/js/
9 KB
9 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Tue, 31 Mar 2020 22:49:14 GMT
server
Apache
accept-ranges
bytes
etag
"231d-5a22e608152f1"
content-length
8989
content-type
application/javascript
css
fonts.googleapis.com/
0
0

twitter.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/
672 B
1015 B
Image
General
Full URL
https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
c0515f174257e5e8c2b69445e28f1cca8792be06d315b7772fc16234937d5cde
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc
HIT yyz 4
date
Mon, 08 Nov 2021 15:48:04 GMT
x-content-type-options
nosniff
last-modified
Wed, 21 Jul 2021 21:48:44 GMT
server
nginx
etag
"0e73f38e80c9c716"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length
672
expires
Sat, 22 Jul 2023 09:48:44 GMT
linkedin.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/
1 KB
1 KB
Image
General
Full URL
https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc
HIT yyz 4
date
Mon, 08 Nov 2021 15:48:04 GMT
x-content-type-options
nosniff
last-modified
Mon, 02 Mar 2020 01:17:02 GMT
server
nginx
etag
"bf70173b0780c66f"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length
1184
expires
Wed, 02 Mar 2022 13:17:02 GMT
healthcare-MedicalData-breach.jpg
securityaffairs.co/wordpress/wp-content/uploads/2015/03/
29 KB
29 KB
Image
General
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/healthcare-MedicalData-breach.jpg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
d43993db4451098683408e1ab4b6d21938a60291c146c15a379cabfc0c1cb38f

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 11:48:23 GMT
server
Apache
accept-ranges
bytes
etag
"7325-527027bbdafc0"
content-length
29477
content-type
image/jpeg
CLOP-ransomware-arrest.jpg
securityaffairs.co/wordpress/wp-content/uploads/2021/06/
241 KB
242 KB
Image
General
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2021/06/CLOP-ransomware-arrest.jpg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
c0475c55484f66ab99b89eb8cfe543c6371f6ad73cfe08489cdff78bfb6c15f2

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Jun 2021 20:36:19 GMT
server
Apache
accept-ranges
bytes
etag
"3c459-5c4e80aff80f9"
content-length
246873
content-type
image/jpeg
December-Emotet-Redacted_wm.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/12/
11 KB
11 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/12/December-Emotet-Redacted_wm.png?resize=300%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
92bfb76bb5e4dd62fb0cf65969471456d1c34ffcfb1637c154ce818f7cad4a4c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc
MISS yyz 1
date
Mon, 08 Nov 2021 15:48:04 GMT
x-content-type-options
nosniff
last-modified
Mon, 08 Nov 2021 15:48:04 GMT
server
nginx
etag
"ce2a429312688ce1"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/12/December-Emotet-Redacted_wm.png>; rel="canonical"
content-length
11174
expires
Thu, 09 Nov 2023 03:48:04 GMT
ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/
156 KB
157 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1cc4f4c92b087dcaf73fae7b25faeb55c5b3399e5ccf1d8ac5dbc01231fdb61a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 06 Oct 2021 04:54:36 GMT
server
Apache
accept-ranges
bytes
etag
"2719b-5cda7f1621c10"
content-length
160155
content-type
text/css
photon.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/
2 KB
2 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Tue, 02 Nov 2021 22:42:56 GMT
server
Apache
accept-ranges
bytes
etag
"6e0-5cfd603be358c"
content-length
1760
content-type
application/javascript
jquery.adrotate.clicktracker.js
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/
365 B
519 B
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Sun, 05 Sep 2021 22:22:00 GMT
server
Apache
accept-ranges
bytes
etag
"16d-5cb46f619b099"
content-length
365
content-type
application/javascript
ssba.js
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/
2 KB
2 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 06 Oct 2021 04:54:36 GMT
server
Apache
accept-ranges
bytes
etag
"792-5cda7f1635491"
content-length
1938
content-type
application/javascript
hint.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
987 B
1 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3db-526fe6e433440"
content-length
987
content-type
application/javascript
jquery.tipsy.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
4 KB
4 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1113-526fe6e433440"
content-length
4371
content-type
application/javascript
jquery.easing.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
8 KB
8 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1fa1-526fe6e433440"
content-length
8097
content-type
application/javascript
browser.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
3 KB
3 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"a36-526fe6e33f200"
content-length
2614
content-type
application/javascript
jquery.flexslider-min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/
21 KB
21 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 13:55:10 GMT
server
Apache
accept-ranges
bytes
etag
"53ae-5270441274b80"
content-length
21422
content-type
application/javascript
waypoints.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
8 KB
8 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"1f6c-526fe6e527680"
content-length
8044
content-type
application/javascript
mediaelement-and-player.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/
69 KB
70 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 13:55:14 GMT
server
Apache
accept-ranges
bytes
etag
"11571-5270441645480"
content-length
71025
content-type
application/javascript
jquery.swipebox.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
11 KB
11 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"2a67-526fe6e433440"
content-length
10855
content-type
application/javascript
jquery.circliful.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
3 KB
3 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"c18-526fe6e433440"
content-length
3096
content-type
application/javascript
jquery.smarticker.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
13 KB
13 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3225-526fe6e433440"
content-length
12837
content-type
application/javascript
custom.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
12 KB
13 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"31d4-526fe6e33f200"
content-length
12756
content-type
application/javascript
wp-embed.js
securityaffairs.co/wordpress/wp-includes/js/
3 KB
3 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/wp-embed.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Thu, 21 Feb 2019 22:56:38 GMT
server
Apache
accept-ranges
bytes
etag
"c8e-5826f6315ef61"
content-length
3214
content-type
application/javascript
sharing.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/
23 KB
23 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.3
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
bc29c34d0738c5cb3f96585219667566799d9e142699e982f9406d5b04fa9794

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Tue, 02 Nov 2021 22:42:56 GMT
server
Apache
accept-ranges
bytes
etag
"5a9e-5cfd603c190ea"
content-length
23198
content-type
application/javascript
e-202145.js
stats.wp.com/
9 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202145.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc
HIT yyz
date
Mon, 08 Nov 2021 15:48:04 GMT
content-encoding
gzip
server
nginx
etag
W/"5c6340e3-350a"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Mon, 31 Oct 2022 02:13:45 GMT
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-59069958-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 26 Oct 2021 23:24:02 GMT
server
Golfe2
age
2502
date
Mon, 08 Nov 2021 15:06:22 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Mon, 08 Nov 2021 17:06:22 GMT
sc
l.sharethis.com/
Redirect Chain
  • https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1636386484505.10662&hostname=securityaffairs.co&location=%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windo...
  • https://l.sharethis.com/sc?event=pview&version=st_insights.js&lang=en&sessionID=1636386484505.10662&hostname=securityaffairs.co&location=%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-...
160 B
619 B
XHR
General
Full URL
https://l.sharethis.com/sc?event=pview&version=st_insights.js&lang=en&sessionID=1636386484505.10662&hostname=securityaffairs.co&location=%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&refDomain=t.co&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&title=New%20Golang-based%20Crypto%20worm%20infects%20Windows%20and%20Linux%20serversSecurity%20Affairs&sop=false&description=Experts%20from%20Intezer%20discovered%20a%20new%20and%20self-spreading%20Golang-based%20malware%20that%20targets%20Windows%20and%20Linux%20servers.%20Experts%20from%20Intezer%20discovered%20a%20Golang-based%20worm%20that%20targets%20Windows%20and%20Linux%20servers.%20The%20malware%20has%20been%20active%20since%20early%20December%20targeting%20public-facing%20services%2C%20including%20MySQL%2C%20Tomcat%20admin%20panel%20and%20Jenkins%20that%20are%20protected%20with%20weak%20passwords.%20The%20worm%20%5B%E2%80%A6%5D&samesite=None
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
54.161.247.27 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-247-27.compute-1.amazonaws.com
Software
/
Resource Hash
9ef6aba04e9faa760fe071252f511306b16527f4ef75f7db5aa306a067b7c4f8

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:04 GMT
Access-Control-Max-Age
1728000
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Access-Control-Allow-Headers
*
Content-Length
160
Stid
ZGUAB2GJRrQAAAAIDpiQAw==

Redirect headers

Date
Mon, 08 Nov 2021 15:48:04 GMT
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Max-Age
1728000
P3p
policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location
/sc?event=pview&version=st_insights.js&lang=en&sessionID=1636386484505.10662&hostname=securityaffairs.co&location=%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&refDomain=t.co&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&title=New%20Golang-based%20Crypto%20worm%20infects%20Windows%20and%20Linux%20serversSecurity%20Affairs&sop=false&description=Experts%20from%20Intezer%20discovered%20a%20new%20and%20self-spreading%20Golang-based%20malware%20that%20targets%20Windows%20and%20Linux%20servers.%20Experts%20from%20Intezer%20discovered%20a%20Golang-based%20worm%20that%20targets%20Windows%20and%20Linux%20servers.%20The%20malware%20has%20been%20active%20since%20early%20December%20targeting%20public-facing%20services%2C%20including%20MySQL%2C%20Tomcat%20admin%20panel%20and%20Jenkins%20that%20are%20protected%20with%20weak%20passwords.%20The%20worm%20%5B%E2%80%A6%5D&samesite=None
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Access-Control-Allow-Headers
*
Content-Length
1151
Stid
ZGUAB2GJRrQAAAAIDpiQAw==
log
l.sharethis.com/
0
739 B
Image
General
Full URL
https://l.sharethis.com/log?event=ibl&url=https://t.co/&description=Experts%20from%20Intezer%20discovered%20a%20new%20and%20self-spreading%20Golang-based%20malware%20that%20targets%20Windows%20and%20Linux%20servers.%20Experts%20from%20Intezer%20discovered%20a%20Golang-based%20worm%20that%20targets%20Windows%20and%20Linux%20servers.%20The%20malware%20has%20been%20active%20since%20early%20December%20targeting%20public-facing%20services%2C%20including%20MySQL%2C%20Tomcat%20admin%20panel%20and%20Jenkins%20that%20are%20protected%20with%20weak%20passwords.%20The%20worm%20%5B%E2%80%A6%5D&img_pview=true
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.161.247.27 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-247-27.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:04 GMT
Access-Control-Max-Age
1728000
P3p
policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Access-Control-Allow-Headers
*
Stid
ZGUABWGJRrQAAAAIFBrzAw==
5b71b64b04b9a500117b1015.js
buttons-config.sharethis.com/js/
30 B
375 B
Script
General
Full URL
https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211c:c600:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 de1264a3a3f48b4a1df5ca71a9838a48.cloudfront.net (CloudFront)
last-modified
Mon, 13 Aug 2018 16:48:12 GMT
server
AmazonS3
x-amz-cf-pop
ATL50-C1
etag
"e6e1643313740711175f51662a65b42f"
x-cache
Miss from cloudfront
content-type
text/javascript
cache-control
max-age=60,public
accept-ranges
bytes
content-length
30
x-amz-cf-id
g48RJGMZ-LCGZyLIZyZ2f__LCibty5P0U-oAP80m5U5dDRr5Spdwew==
analytics.js
google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://google-analytics.com/analytics.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 26 Oct 2021 23:24:02 GMT
server
Golfe2
age
535
date
Mon, 08 Nov 2021 15:39:09 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Mon, 08 Nov 2021 17:39:09 GMT
fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/
43 KB
44 KB
Font
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin
https://securityaffairs.co
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 16 Dec 2015 06:58:09 GMT
server
Apache
accept-ranges
bytes
etag
"ad90-526fe6dc92240"
content-length
44432
content-type
application/font-woff
GoLang-based-worm.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/12/
102 KB
102 KB
Image
General
Full URL
https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/12/GoLang-based-worm.png?w=1006&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
3bd77576df66f3e27de9a7e73556433f75d6446051495cdc46b229a4b54474bd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc
MISS yyz 4
date
Mon, 08 Nov 2021 15:48:04 GMT
x-content-type-options
nosniff
last-modified
Mon, 08 Nov 2021 15:48:04 GMT
server
nginx
etag
"ca7dab299657fee1"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/12/GoLang-based-worm.png>; rel="canonical"
content-length
104366
expires
Thu, 09 Nov 2023 03:48:04 GMT
f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/
1 KB
1 KB
Image
General
Full URL
https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc
HIT yyz 1
date
Mon, 08 Nov 2021 15:48:04 GMT
last-modified
Wed, 11 Jan 1984 08:00:00 GMT
server
nginx
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length
1186
expires
Mon, 08 Nov 2021 15:53:04 GMT
Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/
30 KB
30 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
e2a3522e6e082fa56d0eb9bf893a6bddc957911a05ff9a35a1c5e6982abe583e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc
HIT yyz 3
date
Mon, 08 Nov 2021 15:48:04 GMT
x-content-type-options
nosniff
last-modified
Wed, 21 Jul 2021 21:52:20 GMT
server
nginx
etag
"d48eabdda4b96424"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length
30524
expires
Sat, 22 Jul 2023 09:52:20 GMT
securityaffairs-best-european-blog2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/
63 KB
64 KB
Image
General
Full URL
https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
bc1790fd7912b9fd329447505a8248b380576af8c87c0d98a93cf20a41ef6066
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc
HIT yyz 2
date
Mon, 08 Nov 2021 15:48:04 GMT
x-content-type-options
nosniff
last-modified
Wed, 21 Jul 2021 21:52:20 GMT
server
nginx
etag
"17e134319cf07b1d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
content-length
64820
expires
Sat, 22 Jul 2023 09:52:20 GMT
logo-center-for-cybersecurity.jpg
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/
7 KB
7 KB
Image
General
Full URL
https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
12e29fa8c4f9d7702cdea6663458a4084007fe4521117610c456c54e6644e07c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc
HIT yyz 2
date
Mon, 08 Nov 2021 15:48:04 GMT
x-content-type-options
nosniff
last-modified
Wed, 21 Jul 2021 21:52:20 GMT
server
nginx
etag
"888bd266d499cfbb"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length
7234
expires
Sat, 22 Jul 2023 09:52:20 GMT
newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/
19 KB
19 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
167bdead3314274ec6816ae851d767dd0ca9d1f9a2858b8ed0f1820657096097
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-nc
HIT yyz 4
date
Mon, 08 Nov 2021 15:48:04 GMT
x-content-type-options
nosniff
last-modified
Wed, 21 Jul 2021 21:52:20 GMT
server
nginx
etag
"24ec3785c027f2f5"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length
18968
expires
Sat, 22 Jul 2023 09:52:20 GMT
sdk.js
connect.facebook.net/en_US/
266 KB
76 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=8d925fa2c637c549007b7814761ffcdd
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
02b68946ed6d42f94f14cb051ad4e820776a5cfc7e20444869fd37bca432fa92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
190nEYOec9vC9ZEI5iYxJQ==
cross-origin-resource-policy
cross-origin
expires
Tue, 08 Nov 2022 13:03:32 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
76609
x-fb-rlafr
0
x-fb-debug
vwDR0RT/lQHpNNMInjM99yNuJCSD2PxYOcCQz+0dHp2LBxpn38xkn2oZZmnkycy9kkzGv3Yejg9BNhyMuTkuSg==
x-fb-trip-id
2050670934
x-fb-content-md5
41204ed39bab0bef29f636950dfb1b15
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Mon, 08 Nov 2021 15:48:04 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"b8f09f6b5a66485ec25de67f14b6ffb8"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
collect
www.google-analytics.com/j/
1 B
207 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=649659822&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=New%20Golang-based%20Crypto%20worm%20infects%20Windows%20and%20Linux%20serversSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=680227996&gjid=1121434265&cid=826445048.1636386485&tid=UA-59069958-1&_gid=1085941347.1636386485&_r=1&gtm=2ouar0&did=dNDMyYj&z=53602574
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:04 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
2 B
69 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=649659822&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=New%20Golang-based%20Crypto%20worm%20infects%20Windows%20and%20Linux%20serversSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=187943474&gjid=522126173&cid=826445048.1636386485&tid=UA-59069958-1&_gid=1085941347.1636386485&_r=1&_slc=1&z=1384978449
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:04 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
hb_v2.js
cdn.pixfuture.com/
33 KB
34 KB
Script
General
Full URL
https://cdn.pixfuture.com/hb_v2.js
Requested by
Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Sep 2021 15:09:43 GMT
server
cloudflare
age
83799
etag
W/"61533037-84f5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ryahAKEgnmq2ZMUmqP%2BFZTavmGwxt2syfNBmlEKjl3la72SnEAzXnmR4lY%2BCKMrFXPHM%2F4gMqaFtt7PxZt7JMjJIJRCIKORX5UQVR07xLyDULFMvZYCCsRAfr1b7ymdvn3Gwc0CR2xUsCy1M1ng9"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
expires
Tue, 09 Nov 2021 16:31:03 GMT
cache-control
public, max-age=2678400, no-transform
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6aaff189ea287148-YUL
cf-bgj
minify
browserfp.min.js
pxlclnmdecom-a.akamaihd.net/javascripts/
109 KB
34 KB
Script
General
Full URL
https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
23.215.130.91 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-215-130-91.deploy.static.akamaitechnologies.com
Software
/ Express
Resource Hash
1c7d6ffdb728fe6c2270a5f33a340f4322cea6d96440cbde15c51fe4cda9b97c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:04 GMT
Content-Encoding
gzip
X-Powered-By
Express
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Max-Age
1800
Cache-Control
max-age=1800
Connection
keep-alive
Content-Length
34277
Expires
Mon, 08 Nov 2021 16:18:04 GMT
fcmain.js
contextual.media.net/1017354394/
77 KB
24 KB
Script
General
Full URL
https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=0&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=CA&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&kwrf=https%3A%2F%2Ft.co&nse=5&vi=1636386484338537045&lw=1&ugd=4&nb=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
834ef1c433178b2156fe2eccc8baa606fca6986aa8273a90b25cb8babc4c2ce8
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnt-hl2
10-6
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
date
Mon, 08 Nov 2021 15:48:05 GMT
x-mnt-w
22-21h7, 22-fbg3
content-length
24577
expires
Mon, 08 Nov 2021 15:48:05 GMT
fcmain.js
contextual.media.net/1017354394/
77 KB
24 KB
Script
General
Full URL
https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=0&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=CA&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&kwrf=https%3A%2F%2Ft.co&nse=5&vi=1636386484777536428&lw=1&ugd=4&nb=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
33b9397cb9cb04ba605309ea2bb1a681e92421ba1ab31442b1a5b5772328ef3f
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnt-hl2
10-6
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
date
Mon, 08 Nov 2021 15:48:05 GMT
x-mnt-w
22-8jf0, 22-fbg3
content-length
24575
expires
Mon, 08 Nov 2021 15:48:05 GMT
fcmain.js
contextual.media.net/1017354394/
76 KB
24 KB
Script
General
Full URL
https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=0&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=CA&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&kwrf=https%3A%2F%2Ft.co&nse=5&vi=1636386484245624938&lw=1&ugd=4&nb=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c997bd58f90495d7cae559a68a0b7b02f33dbd22c6f4e01e47709df7def40e76
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnt-hl2
10-6
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
date
Mon, 08 Nov 2021 15:48:05 GMT
x-mnt-w
21-0dq4, 21-s3q9
content-length
24572
expires
Mon, 08 Nov 2021 15:48:05 GMT
fcmain.js
contextual.media.net/1017354394/
74 KB
24 KB
Script
General
Full URL
https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=0&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=CA&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&kwrf=https%3A%2F%2Ft.co&nse=5&vi=1636386484363765772&lw=1&ugd=4&nb=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
243b2a6b65dc42ece74a2fd2e28712274472971c0333b1c09fe63b747c51c532
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnt-hl2
10-6
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
date
Mon, 08 Nov 2021 15:48:05 GMT
x-mnt-w
8-9, 8-33
content-length
24193
expires
Mon, 08 Nov 2021 15:48:05 GMT
videoAds.js
adservetx.media.net/
6 KB
3 KB
Script
General
Full URL
https://adservetx.media.net/videoAds.js?cid=8CU5BD6EW&crid=126440378&dn=securityaffairs.co&https=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.38.2.151 Paris, France, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-38-2-151.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
05042b0284f10e38dc5d11912481a6603e400514d9e4d6628478f615acd183d3

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=300
Connection
keep-alive
Content-Length
2708
Expires
Mon, 08 Nov 2021 15:53:05 GMT
bping.php
lg3.media.net/
35 B
189 B
Image
General
Full URL
https://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1636386484338537045&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=CA&sc=QC&lper=100&wsip=2886781043&r=1636386484781&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1636386484160257449&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1490451350t202111081548&vgd_pgids=1&vgd_uspa=0&hvsid=00001636386484772006286739413192&gdpr=0&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 08 Nov 2021 15:48:04 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 08 Nov 2021 15:48:04 GMT
bping.php
lg3.media.net/
35 B
189 B
Image
General
Full URL
https://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1636386484777536428&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=CA&sc=QC&lper=100&wsip=2886781043&r=1636386484788&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1636386484160257449&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1490451350t202111081548&vgd_pgids=2&vgd_uspa=0&hvsid=00001636386484772006286739413192&gdpr=0&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 08 Nov 2021 15:48:04 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 08 Nov 2021 15:48:04 GMT
bping.php
lg3.media.net/
35 B
189 B
Image
General
Full URL
https://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1636386484245624938&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=CA&sc=QC&wsip=2886781043&r=1636386484792&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1636386484160257449&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1490451350t202111081548&vgd_pgids=2&vgd_uspa=0&hvsid=00001636386484790006286739412714&gdpr=0&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 08 Nov 2021 15:48:04 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 08 Nov 2021 15:48:04 GMT
bping.php
lg3.media.net/
35 B
189 B
Image
General
Full URL
https://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1636386484363765772&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=CA&sc=QC&lper=100&wsip=2886781043&r=1636386484796&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1636386484160257449&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1490451350t202111081548&vgd_pgids=2&vgd_uspa=0&hvsid=00001636386484794006286739413397&gdpr=0&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 08 Nov 2021 15:48:04 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 08 Nov 2021 15:48:04 GMT
g.gif
pixel.wp.com/
50 B
93 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A10.3&blog=29506073&post=112825&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=https%3A%2F%2Ft.co%2F&fcp=3350&rand=0.0869294595440313
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 08 Nov 2021 15:48:04 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
/
graph.facebook.com/
244 B
677 B
Script
General
Full URL
https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:1:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c7d737cd9ae148258b2962220574316d705c0f8daec061f863f3896f7356f1de
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
www-authenticate
OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev
1004688426
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
184
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
4RhlIDrkCsvuY6k9nbFCRqRqM0Co8Yqg9Lfm9RUZrXGlmJqeo2c6p0WV1S9yevEBI2gSEtojq4pKqSkInq/8Yw==
x-fb-trace-id
FWQtRu0Fmch
date
Mon, 08 Nov 2021 15:48:04 GMT
vary
Origin, Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AM5flGJ0-LFwZmoDsebCsXG
cache-control
no-store
facebook-api-version
v5.0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
g.gif
pixel.wp.com/
50 B
75 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.9411867711342015
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 08 Nov 2021 15:48:04 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
pbix.js
cdn.pixfuture.com/
423 KB
424 KB
Script
General
Full URL
https://cdn.pixfuture.com/pbix.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
536386f4e5a08dcde004ad0d24c4ea816a2054ba53f5da25ebb12fa4493f693f

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
83796
cf-polished
origSize=433266
cf-bgj
minify
last-modified
Mon, 23 Aug 2021 13:19:22 GMT
server
cloudflare
etag
W/"6123a05a-69c72"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LqfBAk7EM6vTC4iZHFGfoPw0pB8L92YMho13%2FubK49fFX93t2KwbqBic4z05uH6UtdGimdTLn8RfgZctvhrSGzY8Ypb%2FnS0amBQSIYG2Kcq2Uka90SYijuPvBkUBhV0j0EjGWSRzaCbArEl6wjCq"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2678400, no-transform
cf-ray
6aaff18abbb37148-YUL
expires
Tue, 09 Nov 2021 16:31:03 GMT
r.js
aa.agkn.com/adscores/
0
668 B
Script
General
Full URL
https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
156.154.200.36 , United States, ASN19907 (NEUSTAR-AS6, US),
Reverse DNS
Software
AAWebServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:03 GMT
Server
AAWebServer
Access-Control-Allow-Methods
GET, POST, OPTIONS
P3P
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Type
application/javascript;charset=iso-8859-1
Access-Control-Allow-Headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
Content-Length
0
Expires
0
hb_v2.php
served-by.pixfuture.com/www/delivery/
11 KB
11 KB
XHR
General
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=new,golangbased,crypto,worm,infects,windows,linux,serverssecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
fb341d032923270c2097928803e11a567c7111c9c1b9964afac532a888a82cfe

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 10 Nov 2021 15:48:05 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/
9 KB
9 KB
XHR
General
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=new,golangbased,crypto,worm,infects,windows,linux,serverssecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
a08e9751797499f970ef806586b1dbba22dc20a93a590c763018c07d40caf67b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 10 Nov 2021 15:48:05 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/
9 KB
9 KB
XHR
General
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=new,golangbased,crypto,worm,infects,windows,linux,serverssecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
a08e9751797499f970ef806586b1dbba22dc20a93a590c763018c07d40caf67b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 10 Nov 2021 15:48:05 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/
9 KB
9 KB
XHR
General
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24270x300x250x4142x_ADSLOT1&keywords=new,golangbased,crypto,worm,infects,windows,linux,serverssecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
35f21538baceb8193d01700790a2c1daded79c6cb953805fe3f70ec1d897c7e0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 10 Nov 2021 15:48:05 GMT
bfp_ssn.js
pxlclnmdecom-a.akamaihd.net/javascripts/ Frame 8F75
12 KB
4 KB
Document
General
Full URL
https://pxlclnmdecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=3
Requested by
Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
23.215.130.91 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-215-130-91.deploy.static.akamaitechnologies.com
Software
/ Express
Resource Hash
7ec5561af74114c3b4b8e0a3e4e2d6f0718e60449f99d4266d8c026bfba8ddcc

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

Content-Type
text/html; charset=utf-8
X-Powered-By
Express
Vary
Accept-Encoding
Access-Control-Max-Age
1800
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Cache-Control
max-age=1800
Expires
Mon, 08 Nov 2021 16:18:05 GMT
Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Length
3751
Connection
keep-alive
ptmdP
dt.clnmde.com/
7 B
328 B
Ping
General
Full URL
https://dt.clnmde.com/ptmdP
Requested by
Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.217.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-217-109.compute-1.amazonaws.com
Software
/ Express
Resource Hash
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
vary
Accept-Encoding
x-powered-by
Express
etag
W/"7-Jgyp3YpFd/wAt71YECmAdg"
access-control-max-age
1800
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length
7
cenw.js
dt.clnmde.com/
36 B
360 B
XHR
General
Full URL
https://dt.clnmde.com/cenw.js?identifier=bafp
Requested by
Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.217.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-217-109.compute-1.amazonaws.com
Software
/ Express
Resource Hash
c96948201ea77c7cb2993f844fb3554e92b69391355d3808b0868c1ef1f659ca

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
vary
Accept-Encoding
x-powered-by
Express
etag
W/"24-D2Dh0VSuSBRmz51ExlGmvA"
access-control-max-age
1800
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length
36
ptmdDual
dt6.clnmde.com/
70 B
331 B
Image
General
Full URL
https://dt6.clnmde.com/ptmdDual?t=%7B%22gh%22%3A%2216363864849763280910398%22%2C%22za%22%3A1%2C%22gcd%22%3A1636386484998%2C%22al%22%3A3%2C%22bcnd%22%3A1%7D
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:42df:3a00:f366:a1cd:7aa0:18c2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/ Express
Resource Hash
c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 08 Nov 2021 15:48:05 GMT
x-powered-by
Express
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age
1800
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
image/gif
ptmd
dt.clnmde.com/
70 B
331 B
Image
General
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.217.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-217-109.compute-1.amazonaws.com
Software
/ Express
Resource Hash
c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 08 Nov 2021 15:48:05 GMT
x-powered-by
Express
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age
1800
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
image/gif
ptmd
dt.clnmde.com/
70 B
330 B
Image
General
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.217.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-217-109.compute-1.amazonaws.com
Software
/ Express
Resource Hash
c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 08 Nov 2021 15:48:05 GMT
x-powered-by
Express
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age
1800
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
image/gif
cenw.js
dt.clnmde.com/ Frame 8F75
36 B
359 B
XHR
General
Full URL
https://dt.clnmde.com/cenw.js
Requested by
Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.217.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-217-109.compute-1.amazonaws.com
Software
/ Express
Resource Hash
979eca747f465dabb43510faea2aa8e2361a340e91b0db37943623ef2045eab1

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pxlclnmdecom-a.akamaihd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
vary
Accept-Encoding
x-powered-by
Express
etag
W/"24-0fN5A8PYpQfDeZVthTeaNA"
access-control-max-age
1800
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length
36
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://securityaffairs.co
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
strict-transport-security
max-age=31536000
access-control-allow-origin
https://securityaffairs.co
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1590
date
Mon, 08 Nov 2021 15:48:04 GMT
content-encoding
gzip
vary
Accept-Encoding
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=PEVsF3xhNDBGbDl3VitHT3hhSkhHVVVmT0dydFc5MlhOV21GWXp6bVAwZHhvSnIzRGZ6K0dxK0RIOHd2K3hpUHJJNzFCMnVIdU53RTZJSlFoanRPalZPNFJBQVRaaFJ5TkpMRGdVcktoWHBadk1Qc0ZpcE5BckxFTjFUOG...
353 B
611 B
XHR
General
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Server
74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
48e9f46ec1bed8a3588375159ac0b207abf94ef34524e4699dca69387e39e27a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Mon, 08 Nov 2021 15:48:05 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2689
expires
0

Redirect headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Mon, 08 Nov 2021 15:48:04 GMT
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2379
content-length
482
expires
0
529.json
id5-sync.com/g/v2/
452 B
1 KB
XHR
General
Full URL
https://id5-sync.com/g/v2/529.json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.89.42.88 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
p27.id5-sync.com
Software
/
Resource Hash
96f668c50a50b574c076ad3594aef652875a79642c7e1953572327cb37e00c55
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 08 Nov 2021 15:47:58 GMT
Vary
Origin
P3P
CP="CAO PSA OUR"
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
Transfer-Encoding
chunked
envelope
api.rlcdn.com/api/identity/
0
0

rid
match.adsrvr.org/track/
109 B
545 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
eb3f5d35bb3f49c0057dd24c966bbbe98c7507e1e633cef8d09fd8255124c104

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Wed, 08 Dec 2021 15:48:05 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
0
1007 B
Script
General
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
68.67.179.135 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
550.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
10fe0811-3c41-41f4-a7a9-e5dc35a0b466
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
d9387e82-40ec-4a7e-bad5-19351fad36a0
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
0
1007 B
Script
General
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
68.67.179.135 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
550.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
a1d0833a-4967-40ac-a0eb-dd688e9a11fa
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
7cb26fcb-fe7b-4317-b3f0-8d6aa136afb7
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cookie_sync
prebidserver.pixfuture.com/
620 B
992 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/cookie_sync
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
119f16a48ee60048587f6148ccd7b4d166b5f77d22ac11c87d665f5dee82fc78

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
620
Expires
0
auction
prebidserver.pixfuture.com/openrtb2/
311 B
668 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
a7bee3d8fdca1d4f777f71c50af5492b0f72bbe6f2ea46cb59260738bdb88400

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
311
Expires
0
prebid
ib.adnxs.com/ut/v3/
138 B
822 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
a3558dfcc4869ed0597c57c829383dc2f61b3de12467dc05428e36ca78bbfe47
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
6d6d83a0-1dc4-4768-b183-426132bd70e8
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
138
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
prebid.media.net/rtb/
1 KB
670 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
46d7a7c1e3f4138c9bcb153915820ed145358d5eb4e8b5ccfc321bdfc4ae30b5

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
trinity.json
apex.go.sonobi.com/
979 B
2 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%221086176461d66d6%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&s=bec78ccc-7afc-489a-850c-4ddf7bbee655&pv=70cd24f5-799a-4308-92a0-754e64eb032f&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=new%2Cgolangbased%2Ccrypto%2Cworm%2Cinfects%2Cwindows%2Clinux%2Cserverssecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
89d9051ab90ff1daae409dbccb1898ada616671246df6b6697268cf0e2813e61
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-91
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
577
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
241 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=9ac6c515-5fd4-4771-a636-ab878cdea064&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8055458301646661
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c002:200::43 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
ca546d26b13dff301c0fe4299dc7b7d112a78421184d7fb13df45fb43b88b46f

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
translator
hbopenbid.pubmatic.com/
0
61 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 08 Nov 2021 15:48:05 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
arj
pixfuture2-d.openx.net/w/1.0/
174 B
357 B
XHR
General
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=9ac6c515-5fd4-4771-a636-ab878cdea064&nocache=1636386485138&pubcid=61874d22-24e1-4de4-8b45-82d7cde969e7&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPW5ldyxnb2xhbmdiYXNlZCxjcnlwdG8sd29ybSxpbmZlY3RzLHdpbmRvd3MsbGludXgsc2VydmVyc3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9bmV3LGdvbGFuZ2Jhc2VkLGNyeXB0byx3b3JtLGluZmVjdHMsd2luZG93cyxsaW51eCxzZXJ2ZXJzc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
f2910156ea994e4b98c3bdd6e95f691c78c55970d940a9a6da1f8aac25bd5d4b

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
server
OXGW/16.218.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
164
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/
94 B
744 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.175.41.32 Downers Grove, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
5704638c6dbcf7969743e8b137b34eb2655039c6ff5c63a0e9f9016730ec5fa3

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ord1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
97
v1
btlr.sharethrough.com/WYu2BXv1/
0
199 B
XHR
General
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.224.137.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-137-182.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://securityaffairs.co
Date
Mon, 08 Nov 2021 15:48:05 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
hb
ssc.33across.com/api/v1/
118 B
196 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
099ae6a4a5807b70bed41a46d80462e7ea70eaed8a6fc90b4a8ba804a00c029f

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
bidRequest
c2shb.ssp.yahoo.com/
62 B
545 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_300x250&cmd=bid&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
1571164d558704327d27cca5b4ec8ac6c2e53a34b69a738b37a9cead3f62ff80

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
62
auction
prebidserver.pixfuture.com/openrtb2/
310 B
667 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
87b0fbe3561e8227506326034df0ac098e2596c71967fcc427515e4969f98d8f

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
310
Expires
0
v1
btlr.sharethrough.com/WYu2BXv1/
0
199 B
XHR
General
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.224.137.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-137-182.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://securityaffairs.co
Date
Mon, 08 Nov 2021 15:48:05 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
hb
ssc.33across.com/api/v1/
118 B
345 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
fd48790ee5e41e49833236acfc14f3cabed815a7d04713ad5e6cfedb5773d8a5

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
translator
hbopenbid.pubmatic.com/
0
61 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 08 Nov 2021 15:48:05 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
bid
ap.lijit.com/rtb/
94 B
746 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.175.41.32 Downers Grove, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
34a1f24c7e257a159d1e393a1b7971e2d8d579d49db0413209c3bbb8cc510170

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ord1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
fastlane.json
fastlane.rubiconproject.com/a/api/
241 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=cec237f0-19f2-43a6-a6a7-b25870790c42&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7973332739547121
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c002:200::43 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
0eb508c8ca0a1459e32275d7ddd40e17b6fc213a592ab4d9f511416b352d499b

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/
139 B
823 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
978613804efdb1eb5bfa4998ded39720ad9c6126f3229ee6ad57b1617ea72f80
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
c4c8de55-6804-4619-a0c7-391511f41bc1
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
prebid.media.net/rtb/
1 KB
671 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
9580a3ac828ddce2c4e6c7e3a596a075b4877ece9ae336ad95fda54d6f2cb019

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
trinity.json
apex.go.sonobi.com/
979 B
2 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22459162b75982e82%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&s=b85dcd4c-1142-4cff-bc9e-a62a45816907&pv=70cd24f5-799a-4308-92a0-754e64eb032f&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=new%2Cgolangbased%2Ccrypto%2Cworm%2Cinfects%2Cwindows%2Clinux%2Cserverssecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
5d3d6dd3bba0a1c3b1aef74b0763c1b072a8b9f5714e61c4fe3ff29c5c35e563
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-28
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
573
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
arj
pixfuture2-d.openx.net/w/1.0/
174 B
357 B
XHR
General
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=cec237f0-19f2-43a6-a6a7-b25870790c42&nocache=1636386485153&pubcid=61874d22-24e1-4de4-8b45-82d7cde969e7&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPW5ldyxnb2xhbmdiYXNlZCxjcnlwdG8sd29ybSxpbmZlY3RzLHdpbmRvd3MsbGludXgsc2VydmVyc3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9bmV3LGdvbGFuZ2Jhc2VkLGNyeXB0byx3b3JtLGluZmVjdHMsd2luZG93cyxsaW51eCxzZXJ2ZXJzc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
a11755d3e7548454580cb97c3e4ffb2d29b87e5e6334bcce33ca71085fe79e78

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
server
OXGW/16.218.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
164
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
prebidserver.pixfuture.com/openrtb2/
174 B
531 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
019703aabfd53ae35be0f3b0374fb6c08bde0fbf74745226513110d4cd00121d

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
174
Expires
0
translator
hbopenbid.pubmatic.com/
0
117 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 08 Nov 2021 15:48:05 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/
241 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=36b31fb3-62c6-4492-84bf-3104bfc4ef93&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4186176221068838
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c002:200::43 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
6b05d95c69ce52973451a4083fedf78e8da15ad839d56880ea143d8814e7b6e7

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
prebid.media.net/rtb/
1 KB
810 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
c9cadf1d26121954b58d54577d85df3bf40f3fce3493d965fed2b4b55155d8f6

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
hb
ssc.33across.com/api/v1/
118 B
204 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
a78f2daec021e8814ef51f47697bfdf84b774064114b3fd0f1b28c969941679d

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
bid
ap.lijit.com/rtb/
94 B
746 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.175.41.32 Downers Grove, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
1cf004685c32d9f1895d8e9f6aba75d0dba191708e294289879f0c5dd6cf6bdc

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ord1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
arj
pixfuture2-d.openx.net/w/1.0/
174 B
357 B
XHR
General
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=36b31fb3-62c6-4492-84bf-3104bfc4ef93&nocache=1636386485161&pubcid=61874d22-24e1-4de4-8b45-82d7cde969e7&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPW5ldyxnb2xhbmdiYXNlZCxjcnlwdG8sd29ybSxpbmZlY3RzLHdpbmRvd3MsbGludXgsc2VydmVyc3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9bmV3LGdvbGFuZ2Jhc2VkLGNyeXB0byx3b3JtLGluZmVjdHMsd2luZG93cyxsaW51eCxzZXJ2ZXJzc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
dd89bfea5dd89719f31edbbad76c487a98d0cd2d61228781789530723b04701a

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
server
OXGW/16.218.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
164
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/
139 B
823 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
40e1b6af169aaaf2dfafe3044562ac0fbe1ad82905e4758cab67509836067191
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
f999a5cf-5ad4-4bea-a5ec-dc659fe10bf5
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
btlr.sharethrough.com/WYu2BXv1/
0
199 B
XHR
General
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.224.137.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-137-182.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://securityaffairs.co
Date
Mon, 08 Nov 2021 15:48:05 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
trinity.json
apex.go.sonobi.com/
979 B
2 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22704cbe6f8d7319b%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&s=e7ddee05-63bd-4e36-9d03-c3cb05b81f45&pv=70cd24f5-799a-4308-92a0-754e64eb032f&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=new%2Cgolangbased%2Ccrypto%2Cworm%2Cinfects%2Cwindows%2Clinux%2Cserverssecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
9e57f7818649575f5dd38aa747647c1109e46764cda5a805dbc0c9253df9eccd
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-91
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
574
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
log
qsearch-a.akamaihd.net/
35 B
329 B
Image
General
Full URL
https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=videoerror&cid=8CU5BD6EW&crid=null&dn=securityaffairs.co&REASON=33&ACTION=0&visitorId=DefVid&dc=0&adtagId=126440378&bidder_id=99999&biddertagid=99999&bsr=Chrome_95&dt=desktop&os=WIN&id=00001636386485188017612641654789&purl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&requrl=https%3A%2F%2Ft.co%2F
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
184.51.146.145 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-51-146-145.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.35.v20201120) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
Jetty(9.4.35.v20201120)
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
35
Expires
Mon, 08 Nov 2021 15:48:05 GMT
auction
prebidserver.pixfuture.com/openrtb2/
312 B
669 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
5e64c4fe02b81567b406aeaa3e3283f0c879bbe605a181c70dd8e386dd187a1f

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
312
Expires
0
bid
ap.lijit.com/rtb/
94 B
746 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.175.41.32 Downers Grove, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
04e21d20f328c0ee5a990394a59a3c4ff33b3e0c4b0009f747af75018af1dc96

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ord1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
bidRequest
c2shb.ssp.yahoo.com/
62 B
344 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
ff46e8e9c5af218fcf5a190b941cef2980057d50f9a1b7d5fd7757433e00f059

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
62
prebid
prebid.media.net/rtb/
1 KB
681 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
c4776ba5f20d325e56e32546fff207574362793fe903a5a2562914bafae23dd6

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
prebid
ib.adnxs.com/ut/v3/
139 B
823 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
9f940c3ff73eda67ecaf03b567f1b709caa697cf79152ddb94298bba5c394f5b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
9ff24143-5c0f-4c9b-9d78-3b3af3bce5b8
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
trinity.json
apex.go.sonobi.com/
979 B
2 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2285883a371451185%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&s=a8a479ef-7ae5-4256-a6d7-a2644a20dd13&pv=70cd24f5-799a-4308-92a0-754e64eb032f&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=new%2Cgolangbased%2Ccrypto%2Cworm%2Cinfects%2Cwindows%2Clinux%2Cserverssecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
99d6b69393da784dfa6eaea91c3d03caf158d21a0d75e8c0104fa0b49d6abaf0
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-7-13
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
576
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
61 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 08 Nov 2021 15:48:05 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
arj
pixfuture2-d.openx.net/w/1.0/
174 B
594 B
XHR
General
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=2352b81e-1fec-49a8-8ac3-9680e710f8bc&nocache=1636386485220&pubcid=61874d22-24e1-4de4-8b45-82d7cde969e7&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPW5ldyxnb2xhbmdiYXNlZCxjcnlwdG8sd29ybSxpbmZlY3RzLHdpbmRvd3MsbGludXgsc2VydmVyc3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9bmV3LGdvbGFuZ2Jhc2VkLGNyeXB0byx3b3JtLGluZmVjdHMsd2luZG93cyxsaW51eCxzZXJ2ZXJzc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
8347aba6b19aca193d1c275b6f2860407dcf14b933873d47b6d53a8dae46bfbf

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
server
OXGW/16.218.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
164
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
hb
ssc.33across.com/api/v1/
118 B
196 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
5eec30cadd6feed16fedc341e865d305b9357fb60bced49dac83e04e7ff7ae08

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
fastlane.json
fastlane.rubiconproject.com/a/api/
240 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=2352b81e-1fec-49a8-8ac3-9680e710f8bc&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.38729018899501266
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c002:200::43 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
7bb18d7f96f84c2abd16941c6b18a1c0b6ffcda6e893b54e7414f5ca872506d1

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
nrrV8478.js
contextual.media.net/4a/ Frame C053
92 KB
30 KB
Script
General
Full URL
https://contextual.media.net/4a/nrrV8478.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cdb9759596043346743671cdf793ade8c57fda225006d6da0dc813c62fbd27a2
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"d828725179d622a56f951e527a966ed7"
vary
Accept-Encoding
x-mnet-h
8-7
content-type
text/javascript; charset=utf-8
cache-control
max-age=1209600
date
Mon, 08 Nov 2021 15:48:05 GMT
content-length
30223
expires
Mon, 22 Nov 2021 15:48:05 GMT
truncated
/ Frame C053
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame C053
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
Oswald-Regular.woff
contextual.media.net/__media__/fonts/Oswald-Regular/ Frame C053
27 KB
27 KB
Font
General
Full URL
https://contextual.media.net/__media__/fonts/Oswald-Regular/Oswald-Regular.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a8451c3757b0729edcecf6edb54abacce58e3773b0e228073658377931523c29
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
last-modified
Mon, 16 May 2016 10:39:41 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
27164
expires
Tue, 09 Nov 2021 15:48:05 GMT
bullet16.woff
contextual.media.net/__media__/fonts/bullet16/ Frame C053
2 KB
2 KB
Font
General
Full URL
https://contextual.media.net/__media__/fonts/bullet16/bullet16.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6c567f5f0ea4a8f2b5ef941a4b6b4d4d616e8198a96b6fab88df74a5bc3b5dce
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
last-modified
Mon, 16 May 2016 10:39:41 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
2000
expires
Tue, 09 Nov 2021 15:48:05 GMT
nrrV8478.js
contextual.media.net/4a/ Frame B594
92 KB
30 KB
Script
General
Full URL
https://contextual.media.net/4a/nrrV8478.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cdb9759596043346743671cdf793ade8c57fda225006d6da0dc813c62fbd27a2
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"d828725179d622a56f951e527a966ed7"
vary
Accept-Encoding
x-mnet-h
8-7
content-type
text/javascript; charset=utf-8
cache-control
max-age=1209600
date
Mon, 08 Nov 2021 15:48:05 GMT
content-length
30223
expires
Mon, 22 Nov 2021 15:48:05 GMT
truncated
/ Frame B594
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame B594
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
Lato-Regular.woff
contextual.media.net/__media__/fonts/Lato-Regular/ Frame B594
37 KB
38 KB
Font
General
Full URL
https://contextual.media.net/__media__/fonts/Lato-Regular/Lato-Regular.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b7c2309c6e08de495b618ca1d7325a767ce1f1921447efad9eb29fb42824d611
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
last-modified
Mon, 16 May 2016 10:39:41 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
38240
expires
Tue, 09 Nov 2021 15:48:05 GMT
bullet16.woff
contextual.media.net/__media__/fonts/bullet16/ Frame B594
2 KB
2 KB
Font
General
Full URL
https://contextual.media.net/__media__/fonts/bullet16/bullet16.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6c567f5f0ea4a8f2b5ef941a4b6b4d4d616e8198a96b6fab88df74a5bc3b5dce
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
last-modified
Mon, 16 May 2016 10:39:41 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
2000
expires
Tue, 09 Nov 2021 15:48:05 GMT
nrrV8478.js
contextual.media.net/4a/ Frame C8CE
92 KB
30 KB
Script
General
Full URL
https://contextual.media.net/4a/nrrV8478.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cdb9759596043346743671cdf793ade8c57fda225006d6da0dc813c62fbd27a2
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"d828725179d622a56f951e527a966ed7"
vary
Accept-Encoding
x-mnet-h
8-7
content-type
text/javascript; charset=utf-8
cache-control
max-age=1209600
date
Mon, 08 Nov 2021 15:48:05 GMT
content-length
30223
expires
Mon, 22 Nov 2021 15:48:05 GMT
truncated
/ Frame C8CE
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame C8CE
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
Oswald-Regular.woff
contextual.media.net/__media__/fonts/Oswald-Regular/ Frame C8CE
27 KB
27 KB
Font
General
Full URL
https://contextual.media.net/__media__/fonts/Oswald-Regular/Oswald-Regular.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a8451c3757b0729edcecf6edb54abacce58e3773b0e228073658377931523c29
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
last-modified
Mon, 16 May 2016 10:39:41 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
27164
expires
Tue, 09 Nov 2021 15:48:05 GMT
bullet16.woff
contextual.media.net/__media__/fonts/bullet16/ Frame C8CE
2 KB
2 KB
Font
General
Full URL
https://contextual.media.net/__media__/fonts/bullet16/bullet16.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6c567f5f0ea4a8f2b5ef941a4b6b4d4d616e8198a96b6fab88df74a5bc3b5dce
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
last-modified
Mon, 16 May 2016 10:39:41 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
2000
expires
Tue, 09 Nov 2021 15:48:05 GMT
/
ads.us.e-planning.net/uspd/1/ Frame A012
Redirect Chain
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
3 KB
1 KB
Document
General
Full URL
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.125 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
2c1b96e53cc04a115b7c5fb6b63ff1f0d82a144e0530d4c28ffd2590092e5542

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

server
openresty
date
Mon, 08 Nov 2021 15:48:05 GMT
content-type
text/html
cache-control
max-age=0, no-cache
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
expires
Mon, 08 Nov 2021 15:48:05 GMT
x-sid
IAD-1213
content-encoding
gzip

Redirect headers

server
openresty
date
Mon, 08 Nov 2021 15:48:05 GMT
content-type
text/html; charset=iso-8859-1
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location
/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
x-sid
IAD-1213
nrrV8478.js
contextual.media.net/4a/ Frame B2BD
92 KB
30 KB
Script
General
Full URL
https://contextual.media.net/4a/nrrV8478.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cdb9759596043346743671cdf793ade8c57fda225006d6da0dc813c62fbd27a2
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"d828725179d622a56f951e527a966ed7"
vary
Accept-Encoding
x-mnet-h
8-7
content-type
text/javascript; charset=utf-8
cache-control
max-age=1209600
date
Mon, 08 Nov 2021 15:48:05 GMT
content-length
30223
expires
Mon, 22 Nov 2021 15:48:05 GMT
truncated
/ Frame B2BD
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame B2BD
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
ptmd
dt.clnmde.com/
70 B
330 B
Image
General
Full URL
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.217.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-217-109.compute-1.amazonaws.com
Software
/ Express
Resource Hash
c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 08 Nov 2021 15:48:05 GMT
x-powered-by
Express
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age
1800
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
image/gif
sid
mug.criteo.com/ Frame
0
0
Preflight
General
Full URL
https://mug.criteo.com/sid?cpp=PEVsF3xhNDBGbDl3VitHT3hhSkhHVVVmT0dydFc5MlhOV21GWXp6bVAwZHhvSnIzRGZ6K0dxK0RIOHd2K3hpUHJJNzFCMnVIdU53RTZJSlFoanRPalZPNFJBQVRaaFJ5TkpMRGdVcktoWHBadk1Qc0ZpcE5BckxFTjFUOGcyam1CcUNaVm1DbVdsVWVhbUJVM09ad0N0MFVzUDIrU3NVVTBFbDcxYmI4TlIwQjVmZDErWHBOQ0d5VEpIRFREVCt0TGVWUGJPTDNHdkN4VE96WHNTdHlIRGlqRnZkZHhRRUNWQ0JYOG01OEE4NXdscXMwPXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
strict-transport-security
max-age=31536000
access-control-allow-origin
null
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1171
date
Mon, 08 Nov 2021 15:48:04 GMT
content-encoding
gzip
vary
Accept-Encoding
bql.php
lg3.media.net/ Frame B2BD
15 B
216 B
Script
General
Full URL
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV8478.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 08 Nov 2021 15:48:05 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 08 Nov 2021 15:48:05 GMT
log
navvy.media.net/ Frame B2BD
35 B
207 B
Ping
General
Full URL
https://navvy.media.net/log
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV8478.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
62.149.102.34.bc.googleusercontent.com
Software
Jetty(9.4.7.v20170914) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
via
1.1 google
server
Jetty(9.4.7.v20170914)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache,no-store
alt-svc
clear
content-length
35
expires
Mon, 08 Nov 2021 15:48:05 GMT
bql.php
lg3.media.net/ Frame C053
15 B
216 B
Script
General
Full URL
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV8478.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 08 Nov 2021 15:48:05 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 08 Nov 2021 15:48:05 GMT
log
navvy.media.net/ Frame C053
35 B
97 B
Ping
General
Full URL
https://navvy.media.net/log
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV8478.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
62.149.102.34.bc.googleusercontent.com
Software
Jetty(9.4.7.v20170914) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
via
1.1 google
server
Jetty(9.4.7.v20170914)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache,no-store
alt-svc
clear
content-length
35
expires
Mon, 08 Nov 2021 15:48:05 GMT
bql.php
lg3.media.net/ Frame B594
15 B
216 B
Script
General
Full URL
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV8478.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 08 Nov 2021 15:48:05 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 08 Nov 2021 15:48:05 GMT
log
navvy.media.net/ Frame B594
35 B
97 B
Ping
General
Full URL
https://navvy.media.net/log
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV8478.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
62.149.102.34.bc.googleusercontent.com
Software
Jetty(9.4.7.v20170914) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
via
1.1 google
server
Jetty(9.4.7.v20170914)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache,no-store
alt-svc
clear
content-length
35
expires
Mon, 08 Nov 2021 15:48:05 GMT
bql.php
lg3.media.net/ Frame C8CE
15 B
216 B
Script
General
Full URL
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV8478.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 08 Nov 2021 15:48:05 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 08 Nov 2021 15:48:05 GMT
log
navvy.media.net/ Frame C8CE
35 B
97 B
Ping
General
Full URL
https://navvy.media.net/log
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV8478.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
62.149.102.34.bc.googleusercontent.com
Software
Jetty(9.4.7.v20170914) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
via
1.1 google
server
Jetty(9.4.7.v20170914)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache,no-store
alt-svc
clear
content-length
35
expires
Mon, 08 Nov 2021 15:48:05 GMT
ptmd
dt.clnmde.com/
70 B
330 B
Image
General
Full URL
https://dt.clnmde.com/ptmd?t=16363864849763280910398_…
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.217.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-217-109.compute-1.amazonaws.com
Software
/ Express
Resource Hash
c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 08 Nov 2021 15:48:05 GMT
x-powered-by
Express
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age
1800
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
image/gif
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame E33F
0
0

tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 10 Nov 2021 15:48:05 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 991D
112 KB
40 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f17507fde883e1ea7e0fe20d36e491f202e92bf940a5030e7b3b35b07a62b711
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40401
x-xss-protection
0
server
cafe
etag
2266192958071205390
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 08 Nov 2021 15:48:05 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 10 Nov 2021 15:48:05 GMT
um
u-iad04.e-planning.net/ Frame A012
Redirect Chain
  • https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Da925008edff725ea
  • https://pixel.sitescout.com/dmp/pixelSync?cookieQ=1&network=EPLANNING&rurl=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Da925008edff725ea
  • https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_i...
  • https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_i...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&partner_url=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3Dc5a8c34f-a2...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&partner_url=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3Dc5a8c...
  • https://u-iad04.e-planning.net/um?uid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&dc=0abbcb4eba840e59&fi=a925008edff725ea
42 B
103 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?uid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&dc=0abbcb4eba840e59&fi=a925008edff725ea
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
172.98.26.126 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
server
openresty
content-type
image/gif

Redirect headers

location
https://u-iad04.e-planning.net/um?uid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&dc=0abbcb4eba840e59&fi=a925008edff725ea
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
um
sync.e-planning.net/ Frame A012
Redirect Chain
  • https://sync.1rx.io/usersync2/eplanning
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4824082051
  • https://sync.1rx.io/usersync/tradedesk/bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3DRX-af56c6db-498f-42fc-9369-e44a2dbc1924-005%26dc%3D1079...
  • https://sync.e-planning.net/um?uid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005&dc=1079cc634ca638f8&iss=1
42 B
103 B
Image
General
Full URL
https://sync.e-planning.net/um?uid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005&dc=1079cc634ca638f8&iss=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
172.98.26.125 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
server
openresty
content-type
image/gif

Redirect headers

Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
Tengine
ETag
RXaf56c6db498f42fc9369e44a2dbc1924005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://sync.e-planning.net/um?uid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005&dc=1079cc634ca638f8&iss=1
Connection
keep-alive
Content-Type
text/html
dataxpand_28122020.js
s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/ Frame A012
39 KB
14 KB
Script
General
Full URL
https://s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/dataxpand_28122020.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.121 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
last-modified
Mon, 28 Dec 2020 16:45:03 GMT
server
openresty
etag
W/"5fea0b8f-9a72"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Sat, 07 Nov 2026 15:48:05 GMT
retargetly_030920.js
s.e-planning.net/esb/4/1/3fb8/7bb4893a30d21aef/ Frame A012
2 KB
1 KB
Script
General
Full URL
https://s.e-planning.net/esb/4/1/3fb8/7bb4893a30d21aef/retargetly_030920.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.121 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
18cbfcb608af5885f7916274b60578d32006c90e8fce3d98dbcc89a646707608

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
last-modified
Thu, 03 Sep 2020 18:45:03 GMT
server
openresty
etag
W/"5f5139af-857"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Sat, 07 Nov 2026 15:48:05 GMT
um
u-iad04.e-planning.net/ Frame A012
Redirect Chain
  • https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3Da925008edff725ea%26uid%3D%24%7BUID%7D
  • https://u-iad04.e-planning.net/um?dc=ff96d1aa62deeebd&fi=a925008edff725ea&uid=8bf5fdb4-34f9-41fa-ba1f-8a2a28959897
42 B
103 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?dc=ff96d1aa62deeebd&fi=a925008edff725ea&uid=8bf5fdb4-34f9-41fa-ba1f-8a2a28959897
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
172.98.26.126 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
server
openresty
content-type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:04 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://u-iad04.e-planning.net/um?dc=ff96d1aa62deeebd&fi=a925008edff725ea&uid=8bf5fdb4-34f9-41fa-ba1f-8a2a28959897
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-request-id
0a81veorv4tqpdu8086301udi4mvscus
ptag
a.audrte.com/ Frame A012
5 KB
2 KB
Script
General
Full URL
https://a.audrte.com/ptag?p=M1353665098
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.206.192.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-206-192-53.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e881ad0df4507d3c60cee0b4ac6e2073af52b23c16864f317b09c399bf74b423

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-transform, public, max-age=3600
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1682
lotame.js
s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/ Frame A012
266 B
415 B
Script
General
Full URL
https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.121 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
last-modified
Thu, 19 Nov 2020 16:18:03 GMT
server
openresty
etag
W/"5fb69abb-10a"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Sat, 07 Nov 2026 15:48:05 GMT
um
u-iad04.e-planning.net/ Frame A012
Redirect Chain
  • https://prebid-match.dotomi.com/match/bounce/current?networkId=72582&version=1&rurl=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dfbb23d0ef33aad5d%26fi%3Da925008edff725ea%26uid%3D
  • https://prebid-match.dotomi.com/match/bounce/current?DotomiTest=7426990e44bc122e&is_secure=true&networkId=72582&version=1&rurl=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dfbb23d0ef33aad5d%26fi...
  • https://u-iad04.e-planning.net/um?dc=fbb23d0ef33aad5d&fi=a925008edff725ea&uid=AAAGdRmRckESagNJKRDMAAAAAAA&expiration=1636472885&is_secure=true
42 B
103 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?dc=fbb23d0ef33aad5d&fi=a925008edff725ea&uid=AAAGdRmRckESagNJKRDMAAAAAAA&expiration=1636472885&is_secure=true
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
172.98.26.126 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
server
openresty
content-type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://u-iad04.e-planning.net/um?dc=fbb23d0ef33aad5d&fi=a925008edff725ea&uid=AAAGdRmRckESagNJKRDMAAAAAAA&expiration=1636472885&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
/
sync.richaudience.com/1a12a024f8f9561c49164bbaf87ed164/ Frame A012
Redirect Chain
  • https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3Da925008edff725ea
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F&rd=1
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fsync.richaudience.com%2F1a12a024f8f9561c49164bbaf87ed164%2F%3Fuid%3D[sas_uid]&gdpr_consent=&nwid=2441/
  • https://sync.smartadserver.com/getuid?url=https://sync.richaudience.com/1a12a024f8f9561c49164bbaf87ed164/?uid=[sas_uid]&gdpr_consent=&nwid=2441/&cklb=1
  • https://sync.richaudience.com/1a12a024f8f9561c49164bbaf87ed164/?uid=4168224421957587973
95 B
347 B
Image
General
Full URL
https://sync.richaudience.com/1a12a024f8f9561c49164bbaf87ed164/?uid=4168224421957587973
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
168.119.146.39 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.39.146.119.168.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png

Redirect headers

location
https://sync.richaudience.com/1a12a024f8f9561c49164bbaf87ed164/?uid=4168224421957587973
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
um
u-iad04.e-planning.net/ Frame A012
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Da925008edff725ea%26uid%3D%24UID
  • https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=a925008edff725ea&uid=6624566760367890375
42 B
104 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=a925008edff725ea&uid=6624566760367890375
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
172.98.26.126 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
f2b6d801-085c-4290-bd6f-801d9ee4342d
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=a925008edff725ea&uid=6624566760367890375
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
um
u-iad04.e-planning.net/ Frame A012
Redirect Chain
  • https://sync.go.sonobi.com/us?loc=%0A%0Ahttps%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3De52415579699e09f%26fi%3Da925008edff725ea%26uid%3D%5BUID%5D
  • https://u-iad04.e-planning.net/um?dc=e52415579699e09f&fi=a925008edff725ea&uid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
42 B
103 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?dc=e52415579699e09f&fi=a925008edff725ea&uid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
172.98.26.126 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://u-iad04.e-planning.net/um?dc=e52415579699e09f&fi=a925008edff725ea&uid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
um
sync.e-planning.net/ Frame A012
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58414/occ
  • https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-DWGe3ZRE2uE9W5WwSA1PSFfWghO6_q_I9VNM3fQ-~A
42 B
104 B
Image
General
Full URL
https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-DWGe3ZRE2uE9W5WwSA1PSFfWghO6_q_I9VNM3fQ-~A
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
172.98.26.125 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
server
openresty
content-type
image/gif

Redirect headers

location
https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-DWGe3ZRE2uE9W5WwSA1PSFfWghO6_q_I9VNM3fQ-~A
date
Mon, 08 Nov 2021 15:48:05 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
um
u-iad04.e-planning.net/ Frame A012
Redirect Chain
  • https://cs.admanmedia.com/sync/eplanning?redir=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D227acb3d18564968%26fi%3Da925008edff725ea%26uid%3D%7B%24UID%7D
  • https://u-iad04.e-planning.net/um?dc=227acb3d18564968&fi=a925008edff725ea&uid=8b9c57a28a641e890a1326df957fbbd9dbdd5e73
42 B
103 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?dc=227acb3d18564968&fi=a925008edff725ea&uid=8b9c57a28a641e890a1326df957fbbd9dbdd5e73
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
172.98.26.126 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
server
openresty
content-type
image/gif

Redirect headers

Location
https://u-iad04.e-planning.net/um?dc=227acb3d18564968&fi=a925008edff725ea&uid=8b9c57a28a641e890a1326df957fbbd9dbdd5e73
Date
Mon, 08 Nov 2021 15:48:05 GMT
Transfer-Encoding
chunked
Server
nginx
Connection
keep-alive
X-Frame-Options
DENY
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
usync.html
eus.rubiconproject.com/ Frame B8BF
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_east&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40334-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 08 Nov 2021 15:48:05 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Date
Mon, 08 Nov 2021 15:48:05 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E629
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124974
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:05 GMT
vary
Accept-Encoding
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 142B
112 KB
40 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f17507fde883e1ea7e0fe20d36e491f202e92bf940a5030e7b3b35b07a62b711
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40401
x-xss-protection
0
server
cafe
etag
2266192958071205390
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 08 Nov 2021 15:48:05 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 10 Nov 2021 15:48:05 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 8146
112 KB
40 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f17507fde883e1ea7e0fe20d36e491f202e92bf940a5030e7b3b35b07a62b711
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40401
x-xss-protection
0
server
cafe
etag
2266192958071205390
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 08 Nov 2021 15:48:05 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame E629
5 KB
6 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=93510887&p=156631&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
3cd5077a3d52017f278b54a7612c075ea3322f57c352c469e73a4bb7c41f8822

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
usermatch
ssum.casalemedia.com/ Frame 725F
Redirect Chain
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D
  • https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D&s=190243&C=1
1 KB
3 KB
Document
General
Full URL
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D&s=190243&C=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e98bc0fd53abc85dcdb9da6be552c09e4874a8b8c5e7a999aaa791a001ca746f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
241|230|45|39|5|57|46|8
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1530
Expires
Mon, 08 Nov 2021 15:48:05 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Connection
keep-alive

Redirect headers

Server
Apache
Content-Length
345
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D&s=190243&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Mon, 08 Nov 2021 15:48:05 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
Connection
keep-alive
loader
api.retargetly.com/ Frame A012
11 KB
5 KB
Script
General
Full URL
https://api.retargetly.com/loader?id=1473
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/1/3fb8/7bb4893a30d21aef/retargetly_030920.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d22884064f4d7b34e4a0c7ef2767d21363923c795416100088d9d910a32a63c5

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff1901ae3ecea-YUL
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
public, max-age=604800
content-type
application/javascript
expires
Mon Nov 15 2021 15:48:05 GMT+0000 (UTC)
/
onetag-sys.com/usync/ Frame 060B
2 KB
814 B
Document
General
Full URL
https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.239.232 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip232.ip-51-222-239.net
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
/
spl.zeotap.com/ Frame 0A6C
6 KB
2 KB
Document
General
Full URL
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99e3e2418d1979ef171917b4618019e5c917cbd991cbcb411a6e00016753993f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-type
text/html
access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://ads.us.e-planning.net
vary
Origin
via
1.1 google
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6aaff190183b7138-YUL
content-encoding
br
cc.js
tags.crwdcntrl.net/c/15238/ Frame A012
38 KB
11 KB
Script
General
Full URL
https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.109.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-109-81.atl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Mon, 08 Nov 2021 11:23:37 GMT
content-encoding
gzip
last-modified
Thu, 02 Jul 2020 15:35:12 GMT
server
AmazonS3
age
15869
etag
W/"2b2f816f40499d384e118ce88a266e02"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
via
1.1 81967fd0988948662c44f29b5412bafe.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
ATL50-C1
x-amz-cf-id
Rv0s_TjkxYzuvyAMTLOumCmo8T-4JeGz-tAQHiXZ6g5RcckW2k3iRA==
sirdata_03022021.html
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 54CE
636 B
577 B
Document
General
Full URL
https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.121 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

server
openresty
date
Mon, 08 Nov 2021 15:48:05 GMT
content-type
text/html
last-modified
Wed, 03 Feb 2021 21:18:20 GMT
etag
W/"601b131c-27c"
expires
Sat, 07 Nov 2026 15:48:05 GMT
cache-control
max-age=157680000
access-control-allow-origin
*
content-encoding
gzip
e-planning
sync.quantumdex.io/usersync/ Frame EFCC
2 KB
957 B
Document
General
Full URL
https://sync.quantumdex.io/usersync/e-planning
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:397e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b6bfc62667e9c051cc448e77549436a996616e5572ee8cbf241b610a3575fb8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-type
text/html
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6aaff1901ba6ecf2-YUL
content-encoding
gzip
setuid
prebidserver.pixfuture.com/ Frame B249
0
516 B
Document
General
Full URL
https://prebidserver.pixfuture.com:8000/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AOltqTKsRf3LV5Jt
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

Server
nginx/1.14.0 (Ubuntu)
Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Type
text/html
Content-Length
0
Connection
keep-alive
Cache-Control
no-cache, no-store, must-revalidate
Expires
0
Pragma
no-cache
Vary
Origin
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/ Frame 991D
268 KB
96 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
feae1113590087853e239a32024ed804cb812031a6abdff979d137598a340e50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
98219
x-xss-protection
0
server
cafe
etag
5617275746474595787
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 08 Nov 2021 15:48:05 GMT
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/ Frame 142B
268 KB
96 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
feae1113590087853e239a32024ed804cb812031a6abdff979d137598a340e50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
98219
x-xss-protection
0
server
cafe
etag
5617275746474595787
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 08 Nov 2021 15:48:05 GMT
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/ Frame 8146
268 KB
96 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
feae1113590087853e239a32024ed804cb812031a6abdff979d137598a340e50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
98219
x-xss-protection
0
server
cafe
etag
5617275746474595787
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 08 Nov 2021 15:48:05 GMT
GS.d
js.cookieless-data.com/ Frame 54CE
0
535 B
Script
General
Full URL
https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1636386485780
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.129.3.112 , France, ASN12876 (Online SAS, FR),
Reverse DNS
212-129-3-112.rev.poneytelecom.eu
Software
nginx/1.11.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains; preload
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
nginx/1.11.3
Strict-Transport-Security
max-age=15724800; includeSubDomains; preload
P3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
0
X-Xss-Protection
0
Expires
Tue, 01 Jan 2000 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame B8BF
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4ac95c59a70b7c78d9dcfce05d1dcfd512e8f083d1525cf5d34ee3f57bf8e325

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Nov 2021 21:03:19 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=62571
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9506
Expires
Tue, 09 Nov 2021 09:10:56 GMT
match
c1.adform.net/serving/cookie/ Frame 0225
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=909D4247-195C-4A1C-B725-510C1A2C19E4
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=909D4247-195C-4A1C-B725-510C1A2C19E4
35 B
468 B
Document
General
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=909D4247-195C-4A1C-B725-510C1A2C19E4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.167.164.39 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Mon, 08 Nov 2021 15:48:05 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

server
nginx
date
Mon, 08 Nov 2021 15:48:05 GMT
content-length
0
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=909D4247-195C-4A1C-B725-510C1A2C19E4
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame F183
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=&_test=YYlGtQADCzBZAQAz
1 B
259 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=&_test=YYlGtQADCzBZAQAz
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
text/html; charset=utf-8
content-length
1
x-lat
va1pug013:0:1096
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
Varnish
retry-after
0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=&_test=YYlGtQADCzBZAQAz
accept-ranges
bytes
date
Mon, 08 Nov 2021 15:48:05 GMT
via
1.1 varnish
x-served-by
cache-yul12822-YUL
x-cache
HIT
x-cache-hits
0
x-timer
S1636386486.921665,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
adx
match.prod.bidr.io/cookie-sync/ Frame E3AC
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDcURrN0RFbzBBQUJrZktRUHhLUQ&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
43 B
430 B
Document
General
Full URL
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.77.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-77-98.compute-1.amazonaws.com
Software
nginx /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

cache-control
no-cache, must-revalidate
content-type
image/gif
Date
Mon, 08 Nov 2021 15:48:06 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
pragma
no-cache
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
Content-Length
43
Connection
keep-alive

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
date
Mon, 08 Nov 2021 15:48:06 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
content-length
361
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
usersync.aspx
dis.criteo.com/dis/ Frame 9500
43 B
334 B
Document
General
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-type
image/gif
server
Kestrel
cache-control
no-cache
pragma
no-cache
expires
Mon, 08 Nov 2021 00:00:00 GMT
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
257182
141
match.deepintent.com/usersync/ Frame 4FC7
0
222 B
Document
General
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

p3p
policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
content-type
image/gif
content-length
0
date
Mon, 08 Nov 2021 15:48:05 GMT
server
a
Pug
simage2.pubmatic.com/AdServer/ Frame FCF3
Redirect Chain
  • https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
  • https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=439792cc-40ab-11ec-918a-3b0a3813f2a6
42 B
217 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=439792cc-40ab-11ec-918a-3b0a3813f2a6
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
10:0:822
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Date
Mon, 08 Nov 2021 15:48:05 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
server
Cowboy
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=439792cc-40ab-11ec-918a-3b0a3813f2a6
X-RealServer-NX
lga-delivery-7
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Pragma
no-cache
Expires
Thu, 23 Sep 2004 17:42:04 GMT
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Pug
simage2.pubmatic.com/AdServer/ Frame 4643
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:XuW5Oh981MK6Sp5&gdpr=0&gdpr_consent=
42 B
206 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:XuW5Oh981MK6Sp5&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
10:0:521
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Cache-Control
no-cache, must-revalidate
Date
Mon, 08 Nov 2021 15:48:05 GMT
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:XuW5Oh981MK6Sp5&gdpr=0&gdpr_consent=
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Pragma
no-cache
Server
PingMatch/v2.0.30-691-gbabbd08#rel-ec2-master i-0abd6a2c06619c796@us-east-1b@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Content-Length
0
Connection
keep-alive
Pug
simage2.pubmatic.com/AdServer/ Frame EE28
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=hUTaF9LeQ2xNm_19Q3CPgCV4zZU
42 B
524 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=hUTaF9LeQ2xNm_19Q3CPgCV4zZU
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Mon, 08 Nov 2021 15:48:05 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
10:0:440
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Content-Type
text/html; charset=utf-8
Date
Mon, 08 Nov 2021 15:48:05 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=hUTaF9LeQ2xNm_19Q3CPgCV4zZU
Content-Length
159
Connection
keep-alive
setuid
sync.quantumdex.io/ Frame 1262
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005&rndcb=4977707178
  • https://x.bidswitch.net/ul_cb/sync?ssp=adconductor&user_id=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005&rndcb=4977707178
  • https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=adconductor&bsw_custom_parameter=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://x.bidswitch.net/sync?dsp_id=257&user_id=mk3b3536ea-2edf-49ca-9ae0-72ccb4dd4411&expires=7&user_group=5&ssp=adconductor&bsw_param=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://sync.1rx.io/usersync/bidswitch/85c87065-7ef7-4b17-88e8-8c602c265f67?gdpr=&gdpr_consent=
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3DRX-af56c6db-498f-42fc-9369-e44a2db...
  • https://sync.quantumdex.io/setuid?bidder=unruly&uid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
43 B
95 B
Document
General
Full URL
https://sync.quantumdex.io/setuid?bidder=unruly&uid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:397e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
image/gif
content-length
43
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6aaff1952ad4ecf2-YUL

Redirect headers

Server
Tengine
Date
Mon, 08 Nov 2021 15:48:06 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://sync.quantumdex.io/setuid?bidder=unruly&uid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
ETag
RXaf56c6db498f42fc9369e44a2dbc1924005
i.match
s.tribalfusion.com/z/ Frame 9778
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
43 B
452 B
Document
General
Full URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
image/gif; charset=utf-8
content-length
43
p3p
CP="NOI DEVo TAIa OUR BUS"
x-function
302
cache-control
no-cache private
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6aaff1916db14bbf-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-type
text/html
p3p
CP="NOI DEVo TAIa OUR BUS"
x-function
206
x-reuse-index
185
cache-control
no-cache private
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
location
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6aaff190aca94bbf-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Pug
simage2.pubmatic.com/AdServer/ Frame 62E3
Redirect Chain
  • https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ6896728851048605046&uid=Q689672885104860...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q6896728851048605046
42 B
235 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q6896728851048605046
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
va1pug016:0:368
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Server
Apache/2.2.15 (CentOS)
Content-Length
154
Content-Type
text/html
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q6896728851048605046
X-Powered-By
PHP/5.3.3
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary
Accept-Encoding
Cache-Control
max-age=16468
Date
Mon, 08 Nov 2021 15:48:06 GMT
Connection
keep-alive
Pug
simage2.pubmatic.com/AdServer/ Frame 6AAF
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=6
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=620923216780
42 B
361 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=620923216780
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
va1pug011:0:832
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Content-Length
0
Access-Control-Allow-Origin
*
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=620923216780
rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame F068
Redirect Chain
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=8fd59bcc-d66b-43c7-9a7e-bd761d6b0394-tuct882cc35&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...
0
149 B
Document
General
Full URL
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=8fd59bcc-d66b-43c7-9a7e-bd761d6b0394-tuct882cc35&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
accept-ranges
bytes
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 varnish
x-served-by
cache-yul12825-YUL
x-cache
MISS
x-cache-hits
0
x-timer
S1636386486.072486,VS0,VE12
content-length
0

Redirect headers

server
nginx
location
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=8fd59bcc-d66b-43c7-9a7e-bd761d6b0394-tuct882cc35&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges
bytes
date
Mon, 08 Nov 2021 15:48:05 GMT
via
1.1 varnish
x-served-by
cache-yul12825-YUL
x-cache
MISS
x-cache-hits
0
x-timer
S1636386486.929835,VS0,VE10
x-vcl-time-ms
10
content-length
0
um
u-iad04.e-planning.net/ Frame 0C9A
42 B
103 B
Document
General
Full URL
https://u-iad04.e-planning.net/um?dc=a208d9366469aa64&fi=a925008edff725ea&uid=909D4247-195C-4A1C-B725-510C1A2C19E4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.126 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
openresty
date
Mon, 08 Nov 2021 15:48:05 GMT
content-type
image/gif
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E629
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=kJ1CRxlcShy3JVEMGiwZ5A%3D%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=kJ1CRxlcShy3JVEMGiwZ5A%3D%3D&google_tc=
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
14 KB
14 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:03 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3945-5c4c7cc02bd56"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=124973
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5054
expires
Wed, 10 Nov 2021 02:30:59 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
458249.gif
idsync.rlcdn.com/ Frame E629
Redirect Chain
  • https://idsync.rlcdn.com/420486.gif?partner_uid=909D4247-195C-4A1C-B725-510C1A2C19E4
  • https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDkwOUQ0MjQ3LTE5NUMtNEExQy1CNzI1LTUxMEMxQTJDMTlFNBAAGg0ItY2ljAYSBQjoBxAAQgBKAA
  • https://pippio.com/api/sync?pid=5324&it=1&iv=769dafaf4b42a5209f3ca325287365d05df3d17b41b63da5df0e5684efd6e152791426b5417dce21&_=2
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA3NjlkYWZhZjRiNDJhNTIwOWYzY2EzMjUyODczNjVkMDVkZjNkMTdiNDFiNjNkYTVkZjBlNTY4NGVmZDZlMTUyNzkxNDI2YjU...
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA3NjlkYWZhZjRiNDJhNTIwOWYzY2EzMjUyODczNjVkMDVkZjNkMTdiNDFiNjNkYTVkZjBlNTY4NGVmZDZlMTUyNzkxNDI2YjU0MTdkY2UyMRAAGgwIto2ljAYSBAgCEABCAEoA&goog...
  • https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
  • https://idsync.rlcdn.com/458249.gif?partner_uid=24055759-e17a-4501-ab3c-6739b9b4c477
42 B
286 B
Image
General
Full URL
https://idsync.rlcdn.com/458249.gif?partner_uid=24055759-e17a-4501-ab3c-6739b9b4c477
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42

Redirect headers

location
https://idsync.rlcdn.com/458249.gif?partner_uid=24055759-e17a-4501-ab3c-6739b9b4c477
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
x-samesite
secure
alt-svc
clear
content-length
111
content-type
text/html; charset=utf-8
SPug
image4.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b6cf6189-46b6-4a00-b3d1-4eb45cd40869
0
128 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b6cf6189-46b6-4a00-b3d1-4eb45cd40869
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x30 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b6cf6189-46b6-4a00-b3d1-4eb45cd40869
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:04 GMT
Pug
image2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OTA5RDQyNDctMTk1Qy00QTFDLUI3MjUtNTEwQzFBMkMxOUU0&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OTA5RDQyNDctMTk1Qy00QTFDLUI3MjUtNTEwQzFBMkMxOUU0&gdpr=0&gdpr_consent=&google_tc=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
111 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug001:0:464
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEHWrEwm--yYmr12Y-k6SOYA&google_cver=1
42 B
282 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEHWrEwm--yYmr12Y-k6SOYA&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug020:0:602
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEHWrEwm--yYmr12Y-k6SOYA&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:961AF1076BCA42258C4489EC777AF824
42 B
380 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:961AF1076BCA42258C4489EC777AF824
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug022:0:371
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date
Mon, 08 Nov 2021 15:48:06 GMT
x-content-type-options
nosniff
server
nginx
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:961AF1076BCA42258C4489EC777AF824
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Sun, 07 Nov 2021 15:48:06 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
1 B
188 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
no-store, no-cache, private
x-lat
va1pug020:0:1738
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pug
simage2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
42 B
289 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
cache-control
no-store, no-cache, private
x-lat
10:0:381
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
simage2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
42 B
339 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
no-store, no-cache, private
x-lat
va1pug014:0:724
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x8 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:04 GMT
SPug
image4.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=909D4247-195C-4A1C-B725-510C1A2C19E4&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-sr26K5hE2uU8.hgfrJxk0n5LRJ3TEc8-~A&gdpr=0&gdpr_consent=
0
260 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-sr26K5hE2uU8.hgfrJxk0n5LRJ3TEc8-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:04 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-sr26K5hE2uU8.hgfrJxk0n5LRJ3TEc8-~A&gdpr=0&gdpr_consent=
date
Mon, 08 Nov 2021 15:48:05 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
909D4247-195C-4A1C-B725-510C1A2C19E4
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame E629
43 B
877 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/909D4247-195C-4A1C-B725-510C1A2C19E4?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:90f9:19e1:7d5f:7568 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
Pug
image2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6624566760367890375&gdpr=0&gdpr_consent=
42 B
521 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6624566760367890375&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug007:0:524
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
2d29ca21-a5c6-4f80-a239-c4a2090ad84e
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6624566760367890375&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame E629
0
88 B
Image
General
Full URL
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.3.173.52 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-3-173-52.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
0
Content-Type
text/plain
Pug
simage2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=909D4247-195C-4A1C-B725-510C1A2C19E4&gdpr=0&gdpr_consent=
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=49ee1423f9b7122e&is_secure=true&networkId=17100&version=1&nuid=909D4247-195C-4A1C-B725-510C1A2C19E4&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAGdRmRckESgQMeIAmPAAAAAAA&expiration=1636472886&nuid=909D4247-195C-4A1C-B725-510C1A2C19E4&...
42 B
281 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAGdRmRckESgQMeIAmPAAAAAAA&expiration=1636472886&nuid=909D4247-195C-4A1C-B725-510C1A2C19E4&is_secure=true&gdpr_consent=&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
no-store, no-cache, private
x-lat
va1pug015:0:1477
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAGdRmRckESgQMeIAmPAAAAAAA&expiration=1636472886&nuid=909D4247-195C-4A1C-B725-510C1A2C19E4&is_secure=true&gdpr_consent=&gdpr=0
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
Pug
simage2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=43ca9dab-40ab-11ec-9d66-2b2cac59886f&gdpr=0&gdpr_consent=
1 B
231 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=43ca9dab-40ab-11ec-9d66-2b2cac59886f&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
no-store, no-cache, private
x-lat
10:0:555
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=43ca9dab-40ab-11ec-9d66-2b2cac59886f&gdpr=0&gdpr_consent=
Date
Mon, 08 Nov 2021 15:48:05 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
43cac4bc-40ab-11ec-9d66-2b2cac59886f
Pug
image2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
42 B
389 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:31:43 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug023:0:357
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
sn.ashx
pmp.mxptint.net/ Frame E629
Redirect Chain
  • https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B331_E63D087A_53B0049B&r=https://pmp.mxptint.net/sn.ashx?ak=1
  • https://pmp.mxptint.net/sn.ashx?ak=1
43 B
266 B
Image
General
Full URL
https://pmp.mxptint.net/sn.ashx?ak=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
HTTP/1.1
Server
4.78.226.233 Fort Worth, United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=-319373286; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Cache-Control
no-cache
Expires
-1
Content-Length
43
Strict-Transport-Security
max-age=-319373286; includeSubDomains
Content-Type
image/gif

Redirect headers

location
https://pmp.mxptint.net/sn.ashx?ak=1
date
Mon, 08 Nov 2021 14:13:39 GMT
cache-control
no-store, no-cache, private
x-lat
va2pug001:0:387
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Pug
image2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=U88XBlHITQlIyh0HUZ0CDlXHGA1IzBgOUs8nyYch
42 B
274 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=U88XBlHITQlIyh0HUZ0CDlXHGA1IzBgOUs8nyYch
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug006:0:1004
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=U88XBlHITQlIyh0HUZ0CDlXHGA1IzBgOUs8nyYch
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://rtb.adstanding.com/ssp/bidswitch/cookie?bidswitch_ssp_id=pubmatic&bidswitch_custom_parameter=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://x.bidswitch.net/sync?dsp_id=317&user_id=3195ec6e475b4ca1064afc2e5639af18&expires=30&ssp=pubmatic&bsw_param=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
1 B
206 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
no-store, no-cache, private
x-lat
va1pug014:0:788
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
Date
Mon, 08 Nov 2021 15:48:06 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
Pug
simage2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://sync.resetdigital.co:10001/csync/pubmatic
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=000000885342A08A
42 B
203 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=000000885342A08A
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
no-store, no-cache, private
x-lat
10:0:497
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx/1.18.0 (Ubuntu)
Front-End-Https
on
Content-Type
text/html
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=000000885342A08A
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
0
Pug
simage2.pubmatic.com/AdServer/ Frame E629
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=4632481810353762187
42 B
234 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=4632481810353762187
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
no-store, no-cache, private
x-lat
va1pug020:0:2002
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=4632481810353762187
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
T2.min.js
resources-rt.idx.lat/ Frame A012
18 KB
7 KB
Script
General
Full URL
https://resources-rt.idx.lat/T2.min.js
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/loader?id=1473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4acb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1326c88d831faec75944c75ab8fb61c5e5c18ade4c6a3fa2de16baafdc64ec97

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:05 GMT
via
1.1 637dba6131a9a1e300cf019b0a0edd45.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
1209
x-cache
Miss from cloudfront
content-encoding
gzip
last-modified
Wed, 27 Oct 2021 15:10:54 GMT
server
cloudflare
etag
W/"0e27aee1b6a9fa35cb3b3bbcfd005aaf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-pop
YUL62-C1
cf-ray
6aaff190fded4bc5-YUL
x-amz-cf-id
ACqrb11QGjUHOgtbrTZLAWpabW37e477X_4215ognihXB1P48bonRA==
api
api.retargetly.com/ Frame 1D3B
Redirect Chain
  • https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pi...
  • https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pi...
2 KB
2 KB
Document
General
Full URL
https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/loader?id=1473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9dd0aa06803cf91604d71b279d99b9aabcdb20526e3650027938cc58fb55dcf6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
text/html
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
pragma
no-cache
expires
0
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6aaff1914c56ecea-YUL
content-encoding
gzip

Redirect headers

date
Mon, 08 Nov 2021 15:48:05 GMT
content-type
application/javascript
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
pragma
no-cache
expires
0
location
/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6aaff1909b7eecea-YUL
um
sync.e-planning.net/ Frame B8BF
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=eplanning_east
  • https://sync.e-planning.net/um?uid=KVQU9H03-1P-5D30&dc=9bcc91305985f0db&iss=1
42 B
103 B
Image
General
Full URL
https://sync.e-planning.net/um?uid=KVQU9H03-1P-5D30&dc=9bcc91305985f0db&iss=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H2
Server
172.98.26.125 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://sync.e-planning.net/um?uid=KVQU9H03-1P-5D30&dc=9bcc91305985f0db&iss=1
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
e1bf03b8e0c0366715a8d9abd31b9f35
Expires
0
cookie.js
partner.googleadservices.com/gampad/ Frame 991D
208 B
640 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
09bacf25f8a0aa6f3caaada6836e7bdf013a588257bfdff87c145401a8d35fb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
195
x-xss-protection
0
integrator.js
adservice.google.ca/adsid/ Frame 991D
107 B
792 B
Script
General
Full URL
https://adservice.google.ca/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 991D
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 0402
61 KB
23 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
b7822b41c321048e2ef8cd1e72fed1cc0623b64b76bf78a18185f5b323cdb0ab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Mon, 08 Nov 2021 15:48:06 GMT
server
cafe
content-length
23007
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
private
getuid
ib.adnxs.com/ Frame 0A6C
0
0
Image
General
Full URL
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-62...
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEKRxaElRs1RZbCYNjV_zo-M&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3...
95 B
204 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?google_gid=CAESEKRxaElRs1RZbCYNjV_zo-M&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff191fb497138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://mwzeom.zeotap.com/mw?google_gid=CAESEKRxaElRs1RZbCYNjV_zo-M&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
470
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%252Chttps%253A%252F%252Fmwzeom.zeotap.com%252Fmw%253Fcid%253Daec29ca0-3c0f-4554-9025...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%2Chttps%3A%2F%2Fmwzeom.zeotap.com%2Fmw...
  • https://mwzeom.zeotap.com/mw?cid=aec29ca0-3c0f-4554-9025-2ee595f559f2&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=aec29ca0-3c0f-4554-9025-2ee595f559f2&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff1946f137138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=aec29ca0-3c0f-4554-9025-2ee595f559f2&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
/
dmp.adform.net/serving/cookie/match/ Frame 0A6C
0
330 B
Image
General
Full URL
https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.167.164.39 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0830e63-3c13-4bc2-5bbe-276457c3e442%26reqId%3D9...
  • https://mwzeom.zeotap.com/mw?cid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff1925bc27138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://mwzeom.zeotap.com/mw?cid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
481
cm
trc.taboola.com/sg/zeotap/1/ Frame 0A6C
0
78 B
Image
General
Full URL
https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-vcl-time-ms
10
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 varnish
server
nginx
x-timer
S1636386486.058782,VS0,VE10
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-yul12825-YUL
u
dmp.v.fwmrm.net/ad/ Frame 0A6C
0
361 B
Image
General
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2607:ae80:5::49 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Cache-Control
no-store
Expires
0
Content-Type
text/html
Content-Length
0
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=0&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&cid=909D4247-195C-4A1C-B725-510C1A2C19E4&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&cid=909D4247-195C-4A1C-B725-510C1A2C19E4&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff1925bc07138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&cid=909D4247-195C-4A1C-B725-510C1A2C19E4&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
date
Mon, 08 Nov 2021 15:48:04 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=136...
  • https://mwzeom.zeotap.com/mw?cid=23353786-7d43-4f07-83ef-59f3a06c3bb5&zpartnerid=317&gdpr=1&gdpr_consent=
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=23353786-7d43-4f07-83ef-59f3a06c3bb5&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff193de2f7138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
Apache-Coyote/1.1
location
https://mwzeom.zeotap.com/mw?cid=23353786-7d43-4f07-83ef-59f3a06c3bb5&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=f0830e63-3c13-4bc2-5bbe-276457c3e442&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=f0830e63-3c13-4bc2-5bbe-276457c3e442&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
  • https://mwzeom.zeotap.com/mw?cid=64726530674853989592561403219984982038&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=64726530674853989592561403219984982038&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff196cb827138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

DCS
dcs-prod-usw2-2-v016-059d18f58.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
CLSnXa0pS6U=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://mwzeom.zeotap.com/mw?cid=64726530674853989592561403219984982038&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
  • https://mwzeom.zeotap.com/mw?cid=7028226440993372315&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=7028226440993372315&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff1943ec67138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=7028226440993372315&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f0830e63-3c13-4bc2-5bbe-276457c3e442&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f0830e63-3c13-4bc2-5bbe-276457c3e442&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://mwzeom.zeotap.com/mw?webouuid=eFY5CKnrQDDz8Rftw4B3Pe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4f...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?webouuid=eFY5CKnrQDDz8Rftw4B3Pe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff1943ec27138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
last-modified
Mon, 08 Nov 2021 15:48:06 GMT
server
nginx/1.12.0
location
https://mwzeom.zeotap.com/mw?webouuid=eFY5CKnrQDDz8Rftw4B3Pe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://sync.smartadserver.com/getuid?gdpr=0&gdpr_consent=&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D[sas_uid]%26zpartnerid%3D592%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%...
  • https://sync.smartadserver.com/getuid?gdpr=0&gdpr_consent=&url=https://mwzeom.zeotap.com/mw?cid=[sas_uid]&zpartnerid=592&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe...
  • https://mwzeom.zeotap.com/mw?cid=4432653193161462965
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=4432653193161462965
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff19539277138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=4432653193161462965
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=f0830e63-3c13-4bc2-5bbe-276457c3e442?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=f0830e63-3c13-4bc2-5bbe-276457c3e442?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
  • https://mwzeom.zeotap.com/mw?pid=5570d12073d005d655e3b9671c26cbf9&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?pid=5570d12073d005d655e3b9671c26cbf9&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff193ee3e7138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://mwzeom.zeotap.com/mw?pid=5570d12073d005d655e3b9671c26cbf9&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
cache-control
no-cache
x-server
10.40.2.139
content-length
0
expires
0
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
  • https://mwzeom.zeotap.com/mw?cid=y-IAky0axE2oppILIJGskF1MvbGAq1jFysuw--~A&zpartnerid=570&env=mWeb
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=y-IAky0axE2oppILIJGskF1MvbGAq1jFysuw--~A&zpartnerid=570&env=mWeb
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff1934d537138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

date
Mon, 08 Nov 2021 15:48:06 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
text/html;charset=utf-8
location
https://mwzeom.zeotap.com/mw?cid=y-IAky0axE2oppILIJGskF1MvbGAq1jFysuw--~A&zpartnerid=570&env=mWeb
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000
content-length
0
x-content-type-options
nosniff
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=CAN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zd...
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=CAN&zdid=1361&cid=qI%2FVFV8XFInIz8qYprCvcT2aRuXp9skD%2BS41iYitP1U%3D
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=CAN&zdid=1361&cid=qI%2FVFV8XFInIz8qYprCvcT2aRuXp9skD%2BS41iYitP1U%3D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff193de2b7138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:03 GMT
Server
AAWebServer
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, OPTIONS
P3P
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
Location
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=CAN&zdid=1361&cid=qI%2FVFV8XFInIz8qYprCvcT2aRuXp9skD%2BS41iYitP1U%3D
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Access-Control-Allow-Headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
Expires
0
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=f0830e63-3c13-4bc2-5bbe-276457c3e442&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c...
  • https://mwzeom.zeotap.com/mw?zpartnerid=993&env=mWeb&cid=10600910574261568507&zdid=1361&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&w_k=${w_k}&user_zi=${user_zi}&optin=${optin}&uc=${uc}&z_p=${z_p}&g...
95 B
152 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=993&env=mWeb&cid=10600910574261568507&zdid=1361&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&w_k=${w_k}&user_zi=${user_zi}&optin=${optin}&uc=${uc}&z_p=${z_p}&gdpr=1&gdpr_consent=
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff19539257138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location
https://mwzeom.zeotap.com/mw?zpartnerid=993&env=mWeb&cid=10600910574261568507&zdid=1361&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&w_k=${w_k}&user_zi=${user_zi}&optin=${optin}&uc=${uc}&z_p=${z_p}&gdpr=1&gdpr_consent=
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
usermatch.gif
beacon.krxd.net/ Frame 0A6C
0
338 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.156.89.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-89-184.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
private, no-cache, no-store
x-request-time
D=40 t=1636386486
x-served-by
beacon-n020-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
mw
mwzeom.zeotap.com/ Frame 0A6C
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YYlGtQADCzBZAQAz&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YYlGtQADCzBZAQAz&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aaff1925bcb7138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1636386486.064396,VS0,VE16
x-served-by
cache-yul12822-YUL
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YYlGtQADCzBZAQAz&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
usermatch.gif
beacon.krxd.net/ Frame 0A6C
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d...
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
54.156.89.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-89-184.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
private, no-cache, no-store
x-request-time
D=39 t=1636386486
x-served-by
beacon-n024-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
date
Mon, 08 Nov 2021 15:48:06 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a007-ash-prod.krxd.net
dcm
s.amazon-adsystem.com/ Frame 0A6C
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=f0830e63-3c13-4bc2-5bbe-276457c3e442&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-27645...
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=f0830e63-3c13-4bc2-5bbe-276457c3e442&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-27645...
43 B
645 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=f0830e63-3c13-4bc2-5bbe-276457c3e442&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361&dcc=t
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Server
209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
E6G8EPFBS0T7P0276RW1
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
SFE2965KWCWHRX475PHR
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=f0830e63-3c13-4bc2-5bbe-276457c3e442&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
87734
tags.bluekai.com/site/ Frame 0A6C
62 B
425 B
Image
General
Full URL
https://tags.bluekai.com/site/87734?id=f0830e63-3c13-4bc2-5bbe-276457c3e442&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.50.205.90 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-50-205-90.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
62
BK-Server
f0de
Expires
Thu, 01 Dec 1994 16:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame 8146
208 B
265 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
ed5c5a4affb432c9174fe5445d3b783fc031d87256abdf39fa0a795e79473096
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
196
x-xss-protection
0
integrator.js
adservice.google.ca/adsid/ Frame 8146
107 B
165 B
Script
General
Full URL
https://adservice.google.ca/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 8146
107 B
165 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame B1D3
15 KB
9 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
8342d6c5eab6536f636e116038d85861574fa98a3e0367836796af227d83021e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Mon, 08 Nov 2021 15:48:06 GMT
server
cafe
content-length
9064
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
private
setuid
sync.quantumdex.io/ Frame EFCC
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID
  • https://sync.quantumdex.io/setuid?bidder=answermedia&uid=6624566760367890375
43 B
129 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=6624566760367890375
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:397e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aaff191fe2aecf2-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:05 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
c9a7ef43-ae48-41a6-b822-502fed67ab38
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=6624566760367890375
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
sync.quantumdex.io/ Frame EFCC
Redirect Chain
  • https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D
  • https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-ZHMOgpMYU4Sy97VUWlx8FiFMQ8P0lOmI-7p-N1WlPw
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-ZHMOgpMYU4Sy97VUWlx8FiFMQ8P0lOmI-7p-N1WlPw
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:397e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aaff1925edeecf2-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

Location
https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-ZHMOgpMYU4Sy97VUWlx8FiFMQ8P0lOmI-7p-N1WlPw
Date
Mon, 08 Nov 2021 15:47:59 GMT
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
P3P
CP="CAO PSA OUR"
setuid
sync.quantumdex.io/ Frame EFCC
Redirect Chain
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D
  • https://sync.quantumdex.io/setuid?bidder=sonobi&uid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:397e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aaff192af64ecf2-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
setuid
sync.quantumdex.io/ Frame EFCC
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
  • https://sync.quantumdex.io/setuid?bidder=appnexus&uid=6624566760367890375
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=6624566760367890375
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:397e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aaff1925ee2ecf2-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
c51346cf-dcff-40f1-b708-7c4d2ce6bb81
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=6624566760367890375
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
sync.quantumdex.io/ Frame EFCC
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58424/occ
  • https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-DWGe3ZRE2uE9W5WwSA1PSFfWghO6_q_I9VNM3fQ-~A
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-DWGe3ZRE2uE9W5WwSA1PSFfWghO6_q_I9VNM3fQ-~A
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:397e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aaff1925ee5ecf2-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

location
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-DWGe3ZRE2uE9W5WwSA1PSFfWghO6_q_I9VNM3fQ-~A
date
Mon, 08 Nov 2021 15:48:06 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
setuid
sync.quantumdex.io/ Frame EFCC
Redirect Chain
  • https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
  • https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=76c2086f-ea18-48df-9400-9341ac1d465a
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=76c2086f-ea18-48df-9400-9341ac1d465a
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:397e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aaff193682cecf2-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

location
https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=76c2086f-ea18-48df-9400-9341ac1d465a
date
Mon, 08 Nov 2021 15:48:06 GMT
content-length
0
RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
sync.targeting.unrulymedia.com/csync/ Frame EFCC
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%5BRX_UUID%5D
  • https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005&rndcb=5676723411
  • https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=adconductor
  • https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=adconductor
  • https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=969ab515-771e-4a36-b33b-f48fc2378c18&ssp=adconductor
  • https://sync.1rx.io/usersync/bidswitch/85c87065-7ef7-4b17-88e8-8c602c265f67?gdpr=&gdpr_consent=
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
43 B
452 B
Image
General
Full URL
https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Server
199.127.204.142 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Tengine
Connection
keep-alive
Content-Length
43
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Tengine
Transfer-Encoding
chunked
Content-Type
text/html
Location
https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Expires
0
um
sync.e-planning.net/ Frame EFCC
42 B
103 B
Image
General
Full URL
https://sync.e-planning.net/um?dc=bcf310d1654d268f&iss=1&uid=f49e2eb1-acb5-45cd-a25f-decf871b58bb
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.125 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
server
openresty
content-type
image/gif
cookie.js
partner.googleadservices.com/gampad/ Frame 142B
208 B
267 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
df41d46868d9ca6723baad61f0697f65a4fc61728e0958aa7af1d1706a2eb7d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
198
x-xss-protection
0
integrator.js
adservice.google.ca/adsid/ Frame 142B
107 B
165 B
Script
General
Full URL
https://adservice.google.ca/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 142B
107 B
165 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame F442
15 KB
9 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
27c842a9dec0bf406cce5758064484e738a6d85f6ee9de9cbe8ffd73abe987ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Mon, 08 Nov 2021 15:48:06 GMT
server
cafe
content-length
9136
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
private
tap.php
pixel.rubiconproject.com/ Frame B8BF
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPJsK0Yy7IOT86qirEHvsU8&google_cver=1
42 B
701 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPJsK0Yy7IOT86qirEHvsU8&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
d5a7ef20801cf5cb1ee516b6110e672f
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPJsK0Yy7IOT86qirEHvsU8&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame B8BF
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=47ba6189-46b6-4f00-a922-0724bc220c16&expires=28
42 B
701 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=47ba6189-46b6-4f00-a922-0724bc220c16&expires=28
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
20e8391fc78a9019eb67dba4b22f0ac2
Content-Type
image/gif

Redirect headers

Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x32 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=47ba6189-46b6-4f00-a922-0724bc220c16&expires=28
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:05 GMT
709414.gif
id.rlcdn.com/ Frame B8BF
42 B
297 B
Image
General
Full URL
https://id.rlcdn.com/709414.gif
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42
tap.php
pixel.rubiconproject.com/ Frame B8BF
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YYlGtQADCzBZAQAz
42 B
701 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YYlGtQADCzBZAQAz
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
0190a17a18f2299b1b85aeb1793e601c
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 varnish
server
Varnish
x-timer
S1636386486.087226,VS0,VE0
x-served-by
cache-yul12822-YUL
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YYlGtQADCzBZAQAz
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
pixel
cm.g.doubleclick.net/ Frame B8BF
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTI5Yjk0NWMyYWU4ZWM5ZWIxOGQyMzE1ZDIzMTc5MDM4MTYwMDY3NQ
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTI5Yjk0NWMyYWU4ZWM5ZWIxOGQyMzE1ZDIzMTc5MDM4MTYwMDY3NQ
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTI5Yjk0NWMyYWU4ZWM5ZWIxOGQyMzE1ZDIzMTc5MDM4MTYwMDY3NQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
83041abbe8494cb29eff3083edd6dff6
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame B8BF
Redirect Chain
  • https://match.adsrvr.org/track/cmf/rubicon
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=&expires=30
42 B
701 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=&expires=30
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
29af2665c43893332e84c235bac366c1
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=&expires=30
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
289
pixel
cm.g.doubleclick.net/ Frame B8BF
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZRVTlIMDMtMVAtNUQzMA==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZRVTlIMDMtMVAtNUQzMA==
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZRVTlIMDMtMVAtNUQzMA==
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
9a0c641c0479142b55591fdf2031b15f
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame B8BF
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/alUxRz8jO92aCBpkGKrz_8n5EUdSAgOZEtemQ7w0kco?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8029805308033783727
42 B
701 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8029805308033783727
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
d5a7ef20801cf5cb1ee516b6110e672f
Content-Type
image/gif

Redirect headers

date
Mon, 08 Nov 2021 15:48:06 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8029805308033783727
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
/
onetag-sys.com/usync/ Frame 2200
2 KB
814 B
Document
General
Full URL
https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.239.232 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip232.ip-51-222-239.net
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
usermatch
ssum-sec.casalemedia.com/ Frame 8720
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
08fd21c59272d298f44aaf30d0acc7c84b7980d9c8a8a31bb5890ac3ffa0aa23

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
73|130|88|3|195|39|230|90
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1702
Expires
Mon, 08 Nov 2021 15:48:06 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Connection
keep-alive
uc.html
sync.go.sonobi.com/ Frame 4A76
1 KB
3 KB
Document
General
Full URL
https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
b983dba3f0ca5cbf132672901a5787f5a65adae20679813c11b1ce61a033282a
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/

Response headers

Date
Mon, 08 Nov 2021 15:48:06 GMT
Content-Type
text/html
Content-Length
688
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, no-store, private
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma
no-cache
Tcn
Choice
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
X-Xss-Protection
0
Content-Encoding
gzip
Server
sonobi-go
dcm
s.amazon-adsystem.com/ Frame 725F
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB&dcc=t
43 B
932 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB&dcc=t
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
2Z9FFPHT78SZBYH8K4F5
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
9PVXMH9YJNHWRSX5NZPB
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame 725F
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB&gdpr_consent=&us_privacy=&gdpr=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEH1sWt7_lsPxoCDM9lkRKYs&google_cver=1
43 B
315 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEH1sWt7_lsPxoCDM9lkRKYs&google_cver=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEH1sWt7_lsPxoCDM9lkRKYs&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
342
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 725F
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YYlGtSCPhl8A5ZZDXjjRgQAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGK4bIgoKd_9lNiADEr1I_s&google_cver=1
43 B
1017 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGK4bIgoKd_9lNiADEr1I_s&google_cver=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGK4bIgoKd_9lNiADEr1I_s&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 725F
Redirect Chain
  • https://match.adsrvr.org/track/cmf/casale
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&expiration=1638978486&gdpr=0&gdpr_consent=
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&expiration=1638978486&gdpr=0&gdpr_consent=
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&expiration=1638978486&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
323
ix
ad4m.at/ad/sim/ Frame 725F
0
0
Image
General
Full URL
https://ad4m.at/ad/sim/ix
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

crum
dsum-sec.casalemedia.com/ Frame 725F
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=2079
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=978758875032371846
43 B
989 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=978758875032371846
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=978758875032371846
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
crum
dsum-sec.casalemedia.com/ Frame 725F
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=6624566760367890375
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=6624566760367890375
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
bea277f5-5d2c-4ab1-a9be-f06766526988
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=6624566760367890375
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 725F
Redirect Chain
  • https://beacon.lynx.cognitivlabs.com/ix.gif
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=d94a373b-c211-44ba-8717-a80e29e0f3e1&expiration=1667922486
43 B
1007 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=d94a373b-c211-44ba-8717-a80e29e0f3e1&expiration=1667922486
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=d94a373b-c211-44ba-8717-a80e29e0f3e1&expiration=1667922486
date
Mon, 08 Nov 2021 15:48:06 GMT
server
Kestrel
content-length
0
um
u-iad04.e-planning.net/ Frame 725F
42 B
103 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?dc=99e41df815fd80b4&fi=a925008edff725ea&uid=YYlGtSCPhl8A5ZZDXjjRgQAA%26479
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Da925008edff725ea%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.126 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
server
openresty
content-type
image/gif
/
rt.idx.lat/idx/ Frame A012
889 B
1 KB
Fetch
General
Full URL
https://rt.idx.lat/idx/
Requested by
Host: resources-rt.idx.lat
URL: https://resources-rt.idx.lat/T2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.200.50.237 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-200-50-237.compute-1.amazonaws.com
Software
awselb/2.0 /
Resource Hash
ac7ba3f3eea997ca4adc017561e5aafcf777f40605907a375f5ec7da78ab8f12

Request headers

Referer
https://ads.us.e-planning.net/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
server
awselb/2.0
access-control-allow-methods
OPTIONS,POST
content-type
application/json
access-control-allow-origin
https://ads.us.e-planning.net
access-control-allow-credentials
true
access-control-allow-headers
content-type
content-length
889
/
rt.idx.lat/idx/ Frame
0
0
Preflight
General
Full URL
https://rt.idx.lat/idx/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.200.50.237 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-200-50-237.compute-1.amazonaws.com
Software
awselb/2.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://ads.us.e-planning.net
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
awselb/2.0
date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
application/json
content-length
0
access-control-allow-origin
https://ads.us.e-planning.net
access-control-allow-methods
OPTIONS,POST
access-control-allow-headers
content-type
access-control-allow-credentials
true
sync
app.retargetly.com/ Frame 1D3B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=retargetly_ddp&google_hm=MGEyZTI4ODgtNzczZC00YWZkLWJmMWItNGM2ZTljMjEwNDJj&google_cm
  • https://app.retargetly.com/sync?pid=11&google_gid=CAESEKgazWiIrb2mZb9McGEYrBU&google_cver=1
68 B
558 B
Image
General
Full URL
https://app.retargetly.com/sync?pid=11&google_gid=CAESEKgazWiIrb2mZb9McGEYrBU&google_cver=1
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff1936f06ecea-YUL
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
content-type
image/png
expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://app.retargetly.com/sync?pid=11&google_gid=CAESEKgazWiIrb2mZb9McGEYrBU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
296
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
pixel.mathtag.com/sync/ Frame 1D3B
1 KB
2 KB
Script
General
Full URL
https://pixel.mathtag.com/sync/js?mt_lim=12&sync=auto&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.211 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-211.deploy.static.akamaitechnologies.com
Software
MT3 4067 88cc6bf master ord-pixel-x55 config:1.0.0 /
Resource Hash
77a6bfa0c74c0f4276af80d9d46d20e13b07b09ea18166289e014c08588fc952

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
MT3 4067 88cc6bf master ord-pixel-x55 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript
Content-Length
1486
Expires
Mon, 08 Nov 2021 15:48:05 GMT
receive
pixel.tapad.com/idsync/ex/ Frame 1D3B
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3012&partner_device_id=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&_rand=1636386486033
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%252C&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%2C
95 B
430 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%2C
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Server
107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.246.178.107.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%2C
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
353
sync
app.retargetly.com/ Frame 1D3B
Redirect Chain
  • https://tags.bluekai.com/site/28347?limit=0&id=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&redir=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%24_BK_UUID%26pid%3D9
  • https://app.retargetly.com/sync?sid=FaFD%2F999999Bv%2FkC&pid=9
68 B
531 B
Image
General
Full URL
https://app.retargetly.com/sync?sid=FaFD%2F999999Bv%2FkC&pid=9
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff1949850ecea-YUL
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
content-type
image/png
expires
0

Redirect headers

Location
https://app.retargetly.com/sync?sid=FaFD%2F999999Bv%2FkC&pid=9
Date
Mon, 08 Nov 2021 15:48:06 GMT
Connection
keep-alive
Content-Length
0
BK-Server
769b
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
sync
api.retargetly.com/ Frame 1D3B
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=83i98y4&ttd_tpi=1
  • https://api.retargetly.com/sync?pid=13&sid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
68 B
484 B
Image
General
Full URL
https://api.retargetly.com/sync?pid=13&sid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff1934ee3ecea-YUL
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
content-type
image/png
expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://api.retargetly.com/sync?pid=13&sid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
189
sync
app.retargetly.com/ Frame 1D3B
Redirect Chain
  • https://pixel-sync.sitescout.com/connectors/retargetly/usersync?redir=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%7BuserId%7D%26pid%3D23
  • https://app.retargetly.com/sync?sid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&pid=23
68 B
692 B
Image
General
Full URL
https://app.retargetly.com/sync?sid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&pid=23
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff193efa4ecea-YUL
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
content-type
image/png
expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://app.retargetly.com/sync?sid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&pid=23
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
sync
app.retargetly.com/ Frame 1D3B
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=RTGLY
  • https://app.retargetly.com/sync?pid=22&sid=y-XkdWwu9E2oJh_i0Gm78c9IFaYeXUGvQ9OUU-~A
68 B
430 B
Image
General
Full URL
https://app.retargetly.com/sync?pid=22&sid=y-XkdWwu9E2oJh_i0Gm78c9IFaYeXUGvQ9OUU-~A
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff1936f10ecea-YUL
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
content-type
image/png
expires
0

Redirect headers

date
Mon, 08 Nov 2021 15:48:06 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
text/html;charset=utf-8
location
https://app.retargetly.com/sync?pid=22&sid=y-XkdWwu9E2oJh_i0Gm78c9IFaYeXUGvQ9OUU-~A
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000
content-length
0
x-content-type-options
nosniff
sync
app.retargetly.com/ Frame 1D3B
Redirect Chain
  • https://secure.adnxs.com/getuid?https://app.retargetly.com/sync?sid=$UID&pid=2
  • https://app.retargetly.com/sync?sid=6624566760367890375&pid=2
68 B
516 B
Image
General
Full URL
https://app.retargetly.com/sync?sid=6624566760367890375&pid=2
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff1936f0aecea-YUL
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
content-type
image/png
expires
0

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
f72c83e9-dd5f-4b0f-97fe-e1fa3763a485
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://app.retargetly.com/sync?sid=6624566760367890375&pid=2
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
app.retargetly.com/ Frame 1D3B
Redirect Chain
  • https://trc.taboola.com/sg/retargetly/1/cm
  • https://app.retargetly.com/sync?pid=39&sid=8fd59bcc-d66b-43c7-9a7e-bd761d6b0394-tuct882cc35
68 B
456 B
Image
General
Full URL
https://app.retargetly.com/sync?pid=39&sid=8fd59bcc-d66b-43c7-9a7e-bd761d6b0394-tuct882cc35
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff1936f0eecea-YUL
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
content-type
image/png
expires
0

Redirect headers

x-vcl-time-ms
12
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 varnish
server
nginx
x-timer
S1636386486.238722,VS0,VE12
x-cache
MISS
location
https://app.retargetly.com/sync?pid=39&sid=8fd59bcc-d66b-43c7-9a7e-bd761d6b0394-tuct882cc35
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-yul12825-YUL
sync
app.retargetly.com/ Frame 1D3B
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3a%2f%2fapp.retargetly.com%2fsync%3fpid%3d14%26sid%3d%23PM_USER_ID
  • https://app.retargetly.com/sync?pid=14&sid=909D4247-195C-4A1C-B725-510C1A2C19E4
68 B
416 B
Image
General
Full URL
https://app.retargetly.com/sync?pid=14&sid=909D4247-195C-4A1C-B725-510C1A2C19E4
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff1936f03ecea-YUL
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
content-type
image/png
expires
0

Redirect headers

location
https://app.retargetly.com/sync?pid=14&sid=909D4247-195C-4A1C-B725-510C1A2C19E4
date
Mon, 08 Nov 2021 15:48:06 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
sync
app.retargetly.com/ Frame 1D3B
Redirect Chain
  • https://sync.smartadserver.com/getuid?gdpr=0&url=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5Bsas_uid%5D%26pid%3D63
  • https://sync.smartadserver.com/getuid?gdpr=0&url=https://app.retargetly.com/sync?sid=[sas_uid]&pid=63&cklb=1
  • https://app.retargetly.com/sync?sid=487468390229988596
68 B
124 B
Image
General
Full URL
https://app.retargetly.com/sync?sid=487468390229988596
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff195495decea-YUL
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
content-type
image/png
expires
0

Redirect headers

location
https://app.retargetly.com/sync?sid=487468390229988596
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:05 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
sync
app.retargetly.com/ Frame 1D3B
Redirect Chain
  • https://sync.teads.tv/rt/sync?vid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&gdpr=0&us_privacy=%221-N-%22
  • https://app.retargetly.com/sync?pid=51&sid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
68 B
527 B
Image
General
Full URL
https://app.retargetly.com/sync?pid=51&sid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff1945810ecea-YUL
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
content-type
image/png
expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
akka-http/10.2.6
content-type
text/html; charset=UTF-8
location
https://app.retargetly.com/sync?pid=51&sid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
cache-control
max-age=0, no-cache, no-store
content-length
152
expires
Mon, 08 Nov 2021 15:48:06 GMT
tpid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
bcp.crwdcntrl.net/map/ct=y/c=11530/tp=RTRG/ Frame 1D3B
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=11530/tp=RTRG/tpid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
  • https://bcp.crwdcntrl.net/map/ct=y/c=11530/tp=RTRG/tpid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
49 B
737 B
Image
General
Full URL
https://bcp.crwdcntrl.net/map/ct=y/c=11530/tp=RTRG/tpid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Server
18.233.246.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-233-246-214.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.36.225
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://bcp.crwdcntrl.net/map/ct=y/c=11530/tp=RTRG/tpid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
cache-control
no-cache
x-server
10.40.2.32
content-length
0
expires
0
cm.os
ads01.groovinads.com/grv/track/ Frame 1D3B
43 B
550 B
Image
General
Full URL
https://ads01.groovinads.com/grv/track/cm.os?p=RT&u=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.23.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/gif
cache-control
no-cache, must-revalidate
cf-ray
6aaff1941bcbe1c2-ORD
expires
0
YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 8720
43 B
876 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB?gdpr_consent=&us_privacy=&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:90f9:19e1:7d5f:7568 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
ie
match.prod.bidr.io/cookie-sync/ Frame 8720
43 B
430 B
Image
General
Full URL
https://match.prod.bidr.io/cookie-sync/ie
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.77.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-77-98.compute-1.amazonaws.com
Software
nginx /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
content-type
image/gif
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 8720
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YYlGtQADCzBZAQAz
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YYlGtQADCzBZAQAz
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 varnish
server
Varnish
x-timer
S1636386486.290536,VS0,VE0
x-served-by
cache-yul12822-YUL
x-cache
HIT
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YYlGtQADCzBZAQAz
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
crum
dsum-sec.casalemedia.com/ Frame 8720
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=47ba6189-46b6-4f00-a922-0724bc220c16
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=47ba6189-46b6-4f00-a922-0724bc220c16
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x24 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=47ba6189-46b6-4f00-a922-0724bc220c16
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:05 GMT
crum
dsum-sec.casalemedia.com/ Frame 8720
Redirect Chain
  • https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-5f78dc28-2a7a-4add-ba0e-548e7a2d227f
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-5f78dc28-2a7a-4add-ba0e-548e7a2d227f
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-5f78dc28-2a7a-4add-ba0e-548e7a2d227f
date
Mon, 08 Nov 2021 15:48:06 GMT
server
Apache-Coyote/1.1
content-length
0
rum
dsum-sec.casalemedia.com/ Frame 8720
Redirect Chain
  • https://match.adsrvr.org/track/cmf/casale
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&expiration=1638978486&gdpr=0&gdpr_consent=
43 B
1007 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&expiration=1638978486&gdpr=0&gdpr_consent=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&expiration=1638978486&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
323
usermatchredir
ssum-sec.casalemedia.com/ Frame 8720
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB&gdpr_consent=&us_privacy=&gdpr=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEH1sWt7_lsPxoCDM9lkRKYs&google_cver=1
43 B
315 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEH1sWt7_lsPxoCDM9lkRKYs&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEH1sWt7_lsPxoCDM9lkRKYs&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
342
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 8720
Redirect Chain
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=961AF1076BCA42258C4489EC777AF824
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=961AF1076BCA42258C4489EC777AF824
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

date
Mon, 08 Nov 2021 15:48:06 GMT
x-content-type-options
nosniff
server
nginx
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=961AF1076BCA42258C4489EC777AF824
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Sun, 07 Nov 2021 15:48:06 GMT
setuid
sync.quantumdex.io/ Frame 8720
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=ix&uid=YYlGtSCPhl8A5ZZDXjjRgQAAAd8AAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:397e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aaff193380fecf2-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
us.gif
sync.go.sonobi.com/ Frame 4A76
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&pubid=4d443a3ea2
49 B
864 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=td&nuid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&pubid=4d443a3ea2
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://sync.go.sonobi.com/us.gif?nw=td&nuid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&pubid=4d443a3ea2
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
227
us.gif
sync.go.sonobi.com/ Frame 4A76
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=85c87065-7ef7-4b17-88e8-8c602c265f67&google_hm=ODVjODcwNjUtN2VmNy00YjE3LTg4ZTgtOGM2MDJjMjY1ZjY3
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEGHyNX3Si-8-Wh6uFvekvZk&google_cver=1&ssp=sonobi&bsw_param=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=85c87065-7ef7-4b17-88e8-8c602c265f67
49 B
864 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=85c87065-7ef7-4b17-88e8-8c602c265f67
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=85c87065-7ef7-4b17-88e8-8c602c265f67
Date
Mon, 08 Nov 2021 15:48:06 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
us.gif
sync.go.sonobi.com/ Frame 4A76
Redirect Chain
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=47ba6189-46b6-4f00-a922-0724bc220c16
49 B
864 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=47ba6189-46b6-4f00-a922-0724bc220c16
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x2 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=47ba6189-46b6-4f00-a922-0724bc220c16
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:05 GMT
us.gif
sync.go.sonobi.com/ Frame 4A76
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=R2NDcVdlLXJ2X0FMQkNxQ3FBa0ZCZw&gdpr=&gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESENGwBjvJMhZSVJM7jnumHSc&google_cver=1
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
49 B
723 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
us.gif
sync.go.sonobi.com/ Frame 4A76
Redirect Chain
  • https://p.rfihub.com/cm?pub=35683&in=1
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=978758875032371846
49 B
846 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=978758875032371846
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=978758875032371846
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
receive
pixel.tapad.com/idsync/ex/ Frame 4A76
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3061&partner_device_id=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%252C&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%2C
95 B
419 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%2C
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
H2
Server
107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.246.178.107.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=aec29ca0-3c0f-4554-9025-2ee595f559f2%2C
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
353
tap.php
pixel.rubiconproject.com/ Frame 4A76
Redirect Chain
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=570392714&pt=17&dpn=1&dpt=&trid=&pcid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=570392714&pt=17&dpn=1&dpt=&trid=&pcid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f&ckls=true&ci=XnxJeeNw8N&nc=false&trid=13485...
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1709765917%26mi%3D10%26csh%3D570392714%26rnd%3D-1483788077&pcid=$UID
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1709765917&mi=10&csh=570392714&rnd=-1483788077&pcid=6624566760367890375
  • https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1486637409%26mi%3D10%26csh%3D570392...
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1486637409&mi=10&csh=570392714;1709765917&rnd=-2038348771&pcid=458e94cb-c120-4ae0-95f6-dc1c4586190f
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1072441116%26mi%3D10%26csh%3D570392714%3B170...
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1072441116%26mi%3D10%26csh%3D570392714%3B170...
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1072441116&mi=10&csh=570392714;1709765917;1486637409&rnd=-34729989&pcid=44cea979-40ab-11ec-a825-15e8696a0103
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&pu=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1402230080%26mi%3D10%26csh%3D570392714%3B17097659...
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1402230080&mi=10&csh=570392714;1709765917;1486637409;1072441116&rnd=1518932529&pcid=909D4247-195C-4A1C-B725-510C1A2C19E4
  • https://sync.mathtag.com/sync/img?mt_exid=10019&redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1678944572%26mi%3D10%26csh%3D570392714%3B1709765917%...
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1678944572&mi=10&csh=570392714;1709765917;1486637409;1072441116;1402230080&rnd=-1307652507&pcid=47ba6189-46b6-4f00-a922-0724...
  • https://pixel.rubiconproject.com/tap.php?v=12218&nid=2528&put=XnxJeeNw8N&expires=1825&rnd=2133504222
42 B
701 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=12218&nid=2528&put=XnxJeeNw8N&expires=1825&rnd=2133504222
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
af308bb17a856a105b8c87aaae7d7f8c
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 1280ed2b25df326a730453b28b0f9aaa.cloudfront.net (CloudFront)
server
Apache-Coyote/1.1
x-amz-cf-pop
ATL51-C1
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location
https://pixel.rubiconproject.com/tap.php?v=12218&nid=2528&put=XnxJeeNw8N&expires=1825&rnd=2133504222
cache-control
no-cache, no-store, must-revalidate
patent
https://www.almondnet.com/ip
content-type
image/gif
content-length
43
x-amz-cf-id
C-_q0bZp9fSI1wJYV4RLy0YE7d_80UslbMV1QC1XSvGFz4gZ4l4XCQ==
expires
Thu, 01 Jan 1970 00:00:00 GMT
usg.gif
sync.go.sonobi.com/ Frame 4A76
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=ZjNiYjBjYTctYmQwNS00OTQyLThmNmMtZDZhOTY1N2UyYjNm
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESEF0CDKViprhr77i3Xyw8QKc&google_cver=1
49 B
858 B
Image
General
Full URL
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEF0CDKViprhr77i3Xyw8QKc&google_cver=1
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEF0CDKViprhr77i3Xyw8QKc&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
288
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
match
ice.360yield.com/ Frame 4A76
Redirect Chain
  • https://id5-sync.com/s/434/9.gif?puid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/434/2/8/2.gif?puid=$UID&gdpr=0&gdpr_consent=
  • https://id5-sync.com/c/434/2/8/2.gif?puid=6624566760367890375&gdpr=0&gdpr_consent=
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMOgpMYU4Sy97VUWlx8FiFMQ8P0lOmI-7p-N1WlPw&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F3%2F7%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26g...
  • https://id5-sync.com/c/434/3/7/3.gif?puid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://id5-sync.com/k/264.gif?puid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttl=%%TTL%%
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F108%2F5%2F5.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_con...
  • https://id5-sync.com/c/434/108/5/5.gif?puid=aec29ca0-3c0f-4554-9025-2ee595f559f2&gdpr=0&gdpr_consent=
  • https://rtd-tm.everesttech.net/upi/pid/dm4ha19W?redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F136%2F4%2F6.gif%3Fpuid%3D%24%7BTM_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D
  • https://id5-sync.com/c/434/136/4/6.gif?puid=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
  • https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY
  • https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&domid=1033
  • https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domi...
  • https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=103...
  • https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESECVbHaqeMk3pzXt9oSLe5qE&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0Rv...
  • https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=6624566760367890375&opid=apx&ops=&utidl=tech:goo:CAESECVbHaqeMk3pzXt9oSLe5qE&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0a...
  • https://id5-sync.com/qp/18.gif?puid=vec%3A22332276496&sd=Y2FzY2FkZXNSZW1haW5pbmc9MyZjYXNjYWRlc0RvbmU9NyZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY
  • https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=0/gdpr_consent=?https://id5-sync.com/c/434/19/2/8.gif?puid=${profile_id}&gdpr=0&gdpr_consent=
  • https://id5-sync.com/c/434/19/2/8.gif?puid=5570d12073d005d655e3b9671c26cbf9&gdpr=0&gdpr_consent=
  • https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ZHMOgpMYU4Sy97VUWlx8FiFMQ8P0lOmI-7p-N1WlPw&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F434%2F916%2F1%2F9.gif%3Fpuid%3...
0
0

bqi.php
lg3.media.net/
15 B
15 B
Image
General
Full URL
https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&katid=801338178&kals=ttype%3D10002%7C%7Cpc%3D9&katen=1&pc=9&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=rAtACw3qPFEkX5KZshQSlmtrO8hYYfKTVFCu4GksAB4fAJTcbgeIhuLqPAHhRBv06W-ta906QfR4brFv4h5APKOUq-WRW1XmDbJKUbotSXVSMTC4SrQ95s9MFlyvIdPQCVKY_TpMTmJWEnpKKM067sXNZQzinMhR6ZaVO0zYY68TUNVrbvVOtiSkInQpiutfrs9U6lUC-KavvYxaNcQe9SyfAj5XlUX98D5-BxmXFuQ=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|y2SqoJcE0s-9IUO1sSido6Y3VR48iOc4|RcpmkYFUEad4UGjcl9oeyAEaTNDbRNEIks4wTgyNZ4FJcEQB3h8DiHcXjG9zXgBwuQ-iD5hpeAGJnqqwfaxa2rBJ8DpAn-oVHvtLs36MZgRQv3XJnx3Jdw==|N7fu2vKt8_s=|6F9phpIEW_vg-aNZ28anmfYLZ9q4IZyoq6EUPCOQN1s64TfATaRbP4Umo1V968jOdk2jtbd_AITwaxhf0SaK4sZU0r2rD_CjdkMiNXb-nmC1CSBvvfwq9bmRIWIM8FFVuVzfpx8AnHmYNCzbLD0T9Ify3F6g2uTKeto32A_rKGqRDcih6CvursidqiHg9ZC6edV5fpRlt-C18rnTYjLE-g==|&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&vi=1636386484245624938&ugd=4&cc=CA&sc=QC&startTime=1636386484789&l2type=setting&vgd_l1rakh=1636386484160257449&l1ch=1&cref=https%3A%2F%2Ft.co%2F&sttm=1636386484790&upk=1636386485.674&hvsid=00001636386484790006286739412714&verid=3121199&vgd_sc=QC&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A9|7476&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=0&l2wsip=170721402&sethcsd=set!N6%7C7396&vgd_pgid=p1490451350t202111081548&vgd_pgids=2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 08 Nov 2021 15:48:06 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 08 Nov 2021 15:48:06 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B1D3
42 B
173 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Dy4uGfcLwHkSzLvJH2QnKxOGCD-E63D4Lo8oMPcWC3DT6LKwPVb57qYKKf2I4PvXdVTnywxC-pisGugGzxFdMWXPDBMP2lj5hxVqPbDL7P6cE5pkI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/ Frame B1D3
3 KB
2 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:47:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1470
x-xss-protection
0
server
cafe
etag
9165589572046851897
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Nov 2021 15:47:39 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B1D3
120 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a889ed53ea224d3134512762ff0cde5c4b0426379110a6592f9d0e337b859e95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37686
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1635939303405469"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 08 Nov 2021 15:48:06 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/ Frame B1D3
15 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
69a051355ad02c286b388a0013340d02657eb3f463d628f7fc1069c40ab8a7e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:45:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
182
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6619
x-xss-protection
0
server
cafe
etag
4215814365075848680
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Nov 2021 15:45:04 GMT
l
www.google.com/ads/measurement/ Frame B1D3
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQz9rvTnu_HsvB2H-hfn-Fl1TKc0bRWZFHNs5rw_iuYpicpzDHKd-aHE6MaghXHS6GSD33KlXpOsVk2XtdeJuATboon8Q
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pixel
googleads.g.doubleclick.net/xbbe/ Frame 7B0D
624 B
297 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ3FExCr1FUY3pDfuAEwAQ&v=APEucNWa5Thg9BIsJfPl5VSewPfJf0dr04VSNJsB3IAwIcP4s_WQp0tz3ooJqZ2Gz44zpZqiKaUqMEKdAl9BCkvthStTNnlSMQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Mon, 08 Nov 2021 15:48:06 GMT
server
cafe
cache-control
private
content-length
276
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame B1D3
59 KB
28 KB
Script
General
Full URL
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
844b89347c63d8c219bed6618235cd446cd07480492b20c4e6db09b74079b104
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28218
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
iframe
pixel.mathtag.com/sync/ Frame 3D7F
3 KB
1 KB
Document
General
Full URL
https://pixel.mathtag.com/sync/iframe?mt_uuid=47ba6189-46b6-4f00-a922-0724bc220c16&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
Requested by
Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/js?mt_lim=12&sync=auto&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.211 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-211.deploy.static.akamaitechnologies.com
Software
MT3 4067 88cc6bf master iad-pixel-x25 config:1.0.0 /
Resource Hash
476dcbeae1b083da37796e8ee3205f04ede05aeec588144e3394d1666b37763e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/

Response headers

Content-Type
text/html
Server
MT3 4067 88cc6bf master iad-pixel-x25 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires
Mon, 08 Nov 2021 15:48:05 GMT
Vary
Accept-Encoding
Content-Encoding
gzip
Date
Mon, 08 Nov 2021 15:48:06 GMT
Content-Length
902
Connection
keep-alive
bqi.php
lg3.media.net/
15 B
15 B
Image
General
Full URL
https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&katid=807619790&kals=ttype%3D10002%7C%7Cpc%3D38&katen=1&pc=38&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=QBtmEwQY_KMOzeEqgwW_kcFlHv2Ot35dAo2l2YuTfiRnopykPLBDOmN5joqjwGaYMhu52qIeb75rz3C5r8AIeCglJpuROnOejeWr7chnkzFzwfBbpkQ9vRkOKc2m2T6-pbZHwyLzkQFnv9ND1On5h86zu--tFuk8_fmSXfm-t9JYKAZJ9RgF_5_4XgKDxqDBL8ruoB28q23MKMAWYm2r3oL8cd4-s0jP||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|y2SqoJcE0s-9IUO1sSido6Y3VR48iOc4|RcpmkYFUEad4UGjcl9oeyAEaTNDbRNEIks4wTgyNZ4FJcEQB3h8DiHcXjG9zXgBwuQ-iD5hpeAGJnqqwfaxa2rBJ8DpAn-oVHvtLs36MZgRQv3XJnx3Jdw==|N7fu2vKt8_s=|zeQrVoT0xVHm4BTDBEC_rHN8lIYC3mBhRhvCQ_rWvUbEfj2Wnok-p5oFiQ9kNQt8nGmzH640gWn7Lx9BU5MBRL75S1XUmQh8bz0jWTQFyV3fvTriAueZSVi4F_jsHBHY3fGYCXp405nHF_XoZoUL1NByunLIQgAVp5d0jRusVRvirQGEhf5ccrXNfTsS7gliOYhiDc5aSYk1Y3QZlLY0poh0cERna27X|&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&vi=1636386484363765772&ugd=4&cc=CA&sc=QC&startTime=1636386484793&l2type=setting&vgd_l1rakh=1636386484160257449&l1ch=1&cref=https%3A%2F%2Ft.co%2F&sttm=1636386484794&upk=1636386485.674&hvsid=00001636386484794006286739413397&verid=3121199&vgd_sc=QC&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A9|7476&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=0&l2wsip=2886994110&sethcsd=set!N6%7C7396&vgd_pgid=p1490451350t202111081548&vgd_pgids=2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 08 Nov 2021 15:48:06 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 08 Nov 2021 15:48:06 GMT
img
pixel.mathtag.com/misc/ Frame 1D3B
43 B
493 B
Image
General
Full URL
https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=1473&src=0&url=https%3A%2F%2Fsecurityaffairs.co%2F&browserUrl=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&ref=https%3A%2F%2Fads.us.e-planning.net%2Fuspd%2F1%2F%3Fct%3D1%26du%3Dhttps%253A%252F%252Fprebidserver.pixfuture.com%253A8000%252Fsetuid%253Fbidder%253Deplanning%2526gdpr%253D%2526gdpr_consent%253D%2526f%253Db%2526uid%253D%2524UID&utmz=&n=&md=&mk=&il=1&limit_drop=&userid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c&idx=&_rlid=0a2e2888-773d-4afd-bf1b-4c6e9c21042c
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.211 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-211.deploy.static.akamaitechnologies.com
Software
MT3 4067 88cc6bf master ord-pixel-x26 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
MT3 4067 88cc6bf master ord-pixel-x26 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:05 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame F442
42 B
107 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bko9gwyWJWAqkViNxMTg472bP0-KCAqIOEwop1IxqdnFMU6fGI4VZBqFt-HBEzVuH7hF9r4Yv2bYCciQ5CqjtxER2YCNbc5jOKr-_9RZjIISDxUf0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/ Frame F442
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:47:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1470
x-xss-protection
0
server
cafe
etag
9165589572046851897
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Nov 2021 15:47:39 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame F442
120 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a889ed53ea224d3134512762ff0cde5c4b0426379110a6592f9d0e337b859e95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37686
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1635939303405469"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 08 Nov 2021 15:48:06 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/ Frame F442
15 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
69a051355ad02c286b388a0013340d02657eb3f463d628f7fc1069c40ab8a7e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:45:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
182
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6619
x-xss-protection
0
server
cafe
etag
4215814365075848680
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Nov 2021 15:45:04 GMT
l
www.google.com/ads/measurement/ Frame F442
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaS6tlXWwKxJ9-loMSozfb1Ndw0ERzmmop4iw4Ii-PjNZ-O13fZzu7bZpnchqTEmVdWLUqG9Ql9X4YIj5fFv6ONlDx2few
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

rum
dsum-sec.casalemedia.com/ Frame 7B0D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ3FExCr1FUY3pDfuAEwAQ&v=APEucNWa5Thg9BIsJfPl5VSewPfJf0dr04VSNJsB3IAwIcP4s_WQp0tz3ooJqZ2Gz44zpZqiKaUqMEKdAl9BCkvthStTNnlSMQ
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 7B0D
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YYlGtSCPhl8A5ZZDXjjRgQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ3FExCr1FUY3pDfuAEwAQ&v=APEucNWa5Thg9BIsJfPl5VSewPfJf0dr04VSNJsB3IAwIcP4s_WQp0tz3ooJqZ2Gz44zpZqiKaUqMEKdAl9BCkvthStTNnlSMQ
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 7B0D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEAqEpBpv-CC9gsVoKeI31Bw&google_cver=1
43 B
1006 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEAqEpBpv-CC9gsVoKeI31Bw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ3FExCr1FUY3pDfuAEwAQ&v=APEucNWa5Thg9BIsJfPl5VSewPfJf0dr04VSNJsB3IAwIcP4s_WQp0tz3ooJqZ2Gz44zpZqiKaUqMEKdAl9BCkvthStTNnlSMQ
Protocol
HTTP/1.1
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
1c261372-3184-48b5-9ca3-6ec2b8d06893
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEAqEpBpv-CC9gsVoKeI31Bw&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7B0D
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYyNDU2Njc2MDM2Nzg5MDM3NQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYyNDU2Njc2MDM2Nzg5MDM3NQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ3FExCr1FUY3pDfuAEwAQ&v=APEucNWa5Thg9BIsJfPl5VSewPfJf0dr04VSNJsB3IAwIcP4s_WQp0tz3ooJqZ2Gz44zpZqiKaUqMEKdAl9BCkvthStTNnlSMQ
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
58ad4a58-74c2-4726-a1b4-8320e6837b13
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYyNDU2Njc2MDM2Nzg5MDM3NQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
10350300550641876104
tpc.googlesyndication.com/daca_images/simgad/ Frame 0402
21 KB
22 KB
Image
General
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/10350300550641876104
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
78f4a6474672b7edfcf444c1e765a327a63257be9a32d068fefd488f9dfd66b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 11:17:49 GMT
x-content-type-options
nosniff
age
16217
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21953
x-xss-protection
0
last-modified
Sat, 23 Oct 2021 06:13:28 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 08 Nov 2022 11:17:49 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211103/r20110914/ Frame 0402
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211103/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4c9d68e6fcd7df4461d8628656db38b9b67c9f193e49fdd74e0ab213c56e3581
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:45:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
128
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7933
x-xss-protection
0
server
cafe
etag
7671872550847203596
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Nov 2021 15:45:58 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/ Frame 0402
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:47:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1470
x-xss-protection
0
server
cafe
etag
9165589572046851897
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Nov 2021 15:47:39 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 0402
120 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a889ed53ea224d3134512762ff0cde5c4b0426379110a6592f9d0e337b859e95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37686
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1635939303405469"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 08 Nov 2021 15:48:06 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/ Frame 0402
15 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
69a051355ad02c286b388a0013340d02657eb3f463d628f7fc1069c40ab8a7e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:45:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
182
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6619
x-xss-protection
0
server
cafe
etag
4215814365075848680
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Nov 2021 15:45:04 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/ Frame 0402
27 KB
11 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211103/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
958cb8992e75141f60d67383af5df25397e04446753f027dd317be9d51136ab0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 20:23:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
69893
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11538
x-xss-protection
0
server
cafe
etag
16299297374704173702
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 21 Nov 2021 20:23:13 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame F727
624 B
299 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhiDks-dATAB&v=APEucNWCShfVHYbJAWJ5paS7sq2hHaJcYa1j1TXvUNZRTCvM1iwrcRg5-buZex2q8dHL12jkg97PopWI4imF2n5NcLwwF_N4sA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Mon, 08 Nov 2021 15:48:06 GMT
server
cafe
cache-control
private
content-length
276
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 08 Nov 2021 15:48:06 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame F442
51 KB
25 KB
Script
General
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
a571be55ecca189f07b523295ac93dc8951c84c5dc2de7b37eb530d8b4045c3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25267
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20211103/r20110914/ Frame B1D3
24 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211103/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f8957910f9a887e298f5c082685e139255d095ec819e8b8cc6469b0006ef204b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:46:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
98
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9560
x-xss-protection
0
server
cafe
etag
378257483732583304
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Nov 2021 15:46:28 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20211103/r20110914/elements/html/ Frame B1D3
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211103/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:44:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
241
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3140
x-xss-protection
0
server
cafe
etag
17163059639670574047
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Nov 2021 15:44:05 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame B1D3
0
571 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvcNrC1w5AsthhE6nlRi36AJ9arlnKf_N_VQkxFeO0lLdAwi9vJlLGJRqp701OJI5sWiYK6eITVzuhHUR6giTgotTK0n989i33d7PLpm3fO1JbTNcUTwdI2qaYwDWwGUf6puGZTVG7cmQK8blTawtoR1ha18-Ef0inT1Do1xHkOmy5MKx5Ii7_u28R_yOeCz-66vVs34eNp9kLqixcs9jkyhgjUKUcPZdqJBYUQ0lftx7Lt2FCLtmUwAxEEICbFLceHhShWD1YQVU_TVL7TQtwf6_4j_jtFg1ljjmOTJGQlVVoxgq3yEJWTU5EgL6Hcon-WWXOSTgDgKoyn8C6hH8G20RZufbbpsHW3Fbjezf8Z26AjzcrAcBw2e9gSRWoV9OCup3bRdzzU8QFDWa8cgR3gVY9N92hW9aZSmRchIHeZr-7-fE0s9BdNfe6ikCQBSszvJVnTcOyuuYSkBtH3OQFdyZ5txEp3bzIVAfDxjOElZ3X6feXNMuc1krz1ulecArFIghb0pODgO8unJGLP-W_hfeymRhEWrUCpQSm88lrKbzwlDjvgw1rnEKNc2yJdns6-TAnmxiOGze2bWPUgnwq_fzsFrQbyVhTteXZJKp-oTxM6ljN-1z6RdH900s0Lzvd1kU9w99lGAlz2XsbKIMehxiaJDcISHJCmEN2QDlUnImd1MY5W1yqz4jXZavM0oULA3BtnN_MC_tNL2HlD5JKHz0FRFzcWMc3Ai68W7VRlIpRJA5cieRIkr3gKFELBHDtH-eKHknMjyOHNlBKjqp6EmJ0gwPrGvRIfLzxQTDPr1i4yl4dH2_6t1AT-hLn7zSAd3-Ao9mLXbWPQ4OJTGE5PMycfjqTCPAL3ZZEHFH_MRitODtid47zZDJJzzX6_W6fsmFGBwfW_t80KnalqUpZJEOdfOzyMUk77nzKnZuVzaeQ5j4XHOAKJvQaPdC4_pSTxY6eKj13qa1mAU3yXieiBT6_8GSDIXc0-N53Ff_d90CWMZtSOoF7TYkkuaP90naskoSIgs0ys_YF05qtfHVEhPFENabZohPzBontYIR9uxM6WA8saueNBI2dZvSM4IY_rzMHpwXWRPDPnVntnm9G8wjzaPwcVUGZUBjYi4Vv-d-y6fu817KZ0PC8hakUKTfHCGQ--M9KZ3EwmYL9lAG3cKbUwHMlLnCfdN9MmipEphvCX&sai=AMfl-YQ6blj9fGVtE_uAt_KxNVgK8QOokTC5Dzl6qZfLlKyStsCJnI7EdpT44EMph3lKFJUHa0gN8TUC2EP7GZDR294odszg93G5dNyOwKCEHoHoctjXQk-tO1-ZuAP1sRQ3nRA4UGsMneVQrj5rFOnbPcg0P4aKNw&sig=Cg0ArKJSzFWnt3yfRd1dEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20211103.76324&adurl=
Requested by
Host: googleads.g.doubleclick.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.64.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s30-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Mon, 08 Nov 2021 15:48:06 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
moatad.js
z.moatads.com/sendgriddcm593119715704/ Frame B1D3
311 KB
105 KB
Script
General
Full URL
https://z.moatads.com/sendgriddcm593119715704/moatad.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
dba2137af06d32f5b107332961e3f7e8254891adcd4e468a4e1a74d8cd195ef1

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 14:47:38 GMT
server
AmazonS3
x-amz-request-id
P9CXMS830VMYE8BF
etag
"830ef554ceb17da14dc30df32c328701"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=19232
accept-ranges
bytes
content-length
106505
x-amz-id-2
nNwNwtjCNWpD+FPUBS9XGkwg6l7U1b1caXErcKsnq+1gl+wsglT8pNNnpy/UUZSXOrqiTvuCSYU=
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame B1D3
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 14:21:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5168
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Tue, 08 Nov 2022 14:21:58 GMT
uxyFXEcgEeCM1h9D8yFVK7Egjb7uiG80umz3V9MXL9-ITJmbVXMjhSkc7cljUB2dWlpm0wwOILWpq5HKQBk_EyT5jGXuiC1XDwIYN3B0ZXLBg0ZHjqrGLyS1zffvneXHm2VTFveHdinr=w728-h90-n
s2.2mdn.net/proxy/ Frame B1D3
26 KB
26 KB
Image
General
Full URL
https://s2.2mdn.net/proxy/uxyFXEcgEeCM1h9D8yFVK7Egjb7uiG80umz3V9MXL9-ITJmbVXMjhSkc7cljUB2dWlpm0wwOILWpq5HKQBk_EyT5jGXuiC1XDwIYN3B0ZXLBg0ZHjqrGLyS1zffvneXHm2VTFveHdinr=w728-h90-n
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
5254d96be509322cc0504523d073f20862e307a38d06af3e971db915fa54b148
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 14:07:15 GMT
x-content-type-options
nosniff
server
fife
age
6051
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="unnamed.png"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26191
x-xss-protection
0
expires
Tue, 09 Nov 2021 14:07:15 GMT
p-de_F6qVUp9bug.gif
pixel.quantserve.com/pixel/ Frame B1D3
35 B
210 B
Image
General
Full URL
https://pixel.quantserve.com/pixel/p-de_F6qVUp9bug.gif?media=ad&labels=_imp.adserver.doubleclick,_imp.campaign.22143192,_imp.publisher.3112338,_imp.placement.318428647,_imp.adid.510678413,_imp.creative.160158782
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:559e:e8a8:8a19:7f11 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
ai.aspx
m.exactag.com/ Frame B1D3
43 B
833 B
Image
General
Full URL
https://m.exactag.com/ai.aspx?extProvId=8&extPu=49398-dcm&extLi=22143192&extCr=160158782&extPm=318428647&dcm_adid=510678413&pub=DV360
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.14.248.91 Kamp-Lintfort, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
P3P
policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection
close
X-ET-Monitoring
1
Content-Length
43
Pragma
no-cache
X-ET-Code
25
Last-Modified
Mo, 08 Nov 2021 03:48:06 GMT
Server
Microsoft-IIS/8.5
Date
Mon, 08 Nov 2021 15:48:06 GMT
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Cache-Control
max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Credentials
true
X-ET-Camp
1678
Access-Control-Allow-Headers
*
Expires
Mon, 26 Jul 1997 05:00:00 GMT
img
pixel.mathtag.com/misc/ Frame 3D7F
43 B
497 B
Image
General
Full URL
https://pixel.mathtag.com/misc/img?mop_seq=0:1&mt_cb=678764&mop_top=
Requested by
Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=47ba6189-46b6-4f00-a922-0724bc220c16&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.211 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-211.deploy.static.akamaitechnologies.com
Software
MT3 4067 88cc6bf master ord-pixel-x20 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pixel.mathtag.com/sync/iframe?mt_uuid=47ba6189-46b6-4f00-a922-0724bc220c16&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
MT3 4067 88cc6bf master ord-pixel-x20 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:05 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 77CE
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Mon, 08 Nov 2021 15:06:15 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2511
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
img
pixel.mathtag.com/misc/ Frame 3D7F
43 B
492 B
Image
General
Full URL
https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by
Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=47ba6189-46b6-4f00-a922-0724bc220c16&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.211 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-211.deploy.static.akamaitechnologies.com
Software
MT3 4067 88cc6bf master iad-pixel-x1 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pixel.mathtag.com/sync/iframe?mt_uuid=47ba6189-46b6-4f00-a922-0724bc220c16&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x1 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:05 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=47ba6189-46b6-4f00-a922-0724bc220c16
49 B
747 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=47ba6189-46b6-4f00-a922-0724bc220c16
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x30 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=47ba6189-46b6-4f00-a922-0724bc220c16
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:05 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://p.rfihub.com/cm?in=1&pub=20513&ssp=sonobi
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=978758875032371846&expires=30&ssp=sonobi
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=85c87065-7ef7-4b17-88e8-8c602c265f67
49 B
747 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=85c87065-7ef7-4b17-88e8-8c602c265f67
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=85c87065-7ef7-4b17-88e8-8c602c265f67
Date
Mon, 08 Nov 2021 15:48:06 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
usg.gif
sync.go.sonobi.com/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=ZjNiYjBjYTctYmQwNS00OTQyLThmNmMtZDZhOTY1N2UyYjNm
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
49 B
858 B
Image
General
Full URL
https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
288
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://p.rfihub.com/cm?pub=35683&in=1
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=978758875032371846
49 B
729 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=978758875032371846
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=978758875032371846
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
49 B
840 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
beacon
ap.lijit.com/ Frame 79EB
5 KB
2 KB
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13480300
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.175.41.32 Downers Grove, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
nginx / raptor
Resource Hash
cdcb815a61ee2604869002ea0216a0ed6a1c571c0773eacb220776fa769064cb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:06 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Vary
Accept-Encoding
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
Content-Encoding
gzip
X-Sovrn-Pod
ad_ap3ord1
pd
us-u.openx.net/w/1.0/ Frame DDEE
672 B
726 B
Document
General
Full URL
https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
a3facb7a3e1870167a3894c2cfd9a75e2a80f17dfc5ffde24c756036a10097e3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/16.218.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
text/html
content-length
424
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
checksync.php
contextual.media.net/ Frame 59CB
33 KB
11 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6200f57c02db8c6db819c98b7d74580894c4e931ff8aa2db59753e08cf1b6e83
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

server
Apache
content-type
text/html; charset=UTF-8
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Wed, 10 Nov 2021 15:48:06 GMT
date
Mon, 08 Nov 2021 15:48:06 GMT
content-length
11178
checksync.php
contextual.media.net/ Frame CA67
33 KB
11 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6200f57c02db8c6db819c98b7d74580894c4e931ff8aa2db59753e08cf1b6e83
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

server
Apache
content-type
text/html; charset=UTF-8
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Wed, 10 Nov 2021 15:48:06 GMT
date
Mon, 08 Nov 2021 15:48:06 GMT
content-length
11178
/
de.tynt.com/deb/ Frame F07E
Redirect Chain
  • https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
  • https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
  • https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
1 KB
2 KB
Document
General
Full URL
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip31.67-202-105.static.steadfastdns.net
Software
/
Resource Hash
38df6342fa5306387b8debfc00e4ad8109fd50cf8331ea5563622d91e58130d2

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires
Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy
unsafe-url
content-type
text/html
content-length
1319
date
Mon, 08 Nov 2021 15:48:06 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

location
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires
Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy
unsafe-url
content-length
0
date
Mon, 08 Nov 2021 15:48:06 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
checksync.php
contextual.media.net/ Frame 8EDF
33 KB
11 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6200f57c02db8c6db819c98b7d74580894c4e931ff8aa2db59753e08cf1b6e83
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

server
Apache
content-type
text/html; charset=UTF-8
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Wed, 10 Nov 2021 15:48:06 GMT
date
Mon, 08 Nov 2021 15:48:06 GMT
content-length
11178
async_usersync.html
acdn.adnxs.com/dmp/ Frame 93D0
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Mon, 01 Nov 2021 05:06:57 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Mon, 08 Nov 2021 15:48:06 GMT
Age
40573
X-Served-By
cache-lga21963-LGA, cache-yul12823-YUL
X-Cache
HIT, HIT
X-Cache-Hits
2, 196321
X-Timer
S1636386487.674539,VS0,VE0
Vary
Accept-Encoding
beacon
ap.lijit.com/ Frame 7BF8
6 KB
2 KB
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13480300
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.175.41.32 Downers Grove, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
nginx / raptor
Resource Hash
a886a1cc7a7f0f87bf46ad0f56999d9649c0212d9bfecf96c1f93ed67b35d64d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:06 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Vary
Accept-Encoding
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
Content-Encoding
gzip
X-Sovrn-Pod
ad_ap3ord1
usync.html
eus.rubiconproject.com/ Frame 89EC
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40334-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 08 Nov 2021 15:48:06 GMT
Connection
keep-alive
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame 8EFF
33 KB
11 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6200f57c02db8c6db819c98b7d74580894c4e931ff8aa2db59753e08cf1b6e83
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

server
Apache
content-type
text/html; charset=UTF-8
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Wed, 10 Nov 2021 15:48:06 GMT
date
Mon, 08 Nov 2021 15:48:06 GMT
content-length
11178
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 985A
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124973
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:06 GMT
vary
Accept-Encoding
beacon
ap.lijit.com/ Frame DFA0
6 KB
2 KB
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13480300
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.175.41.32 Downers Grove, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
nginx / raptor
Resource Hash
b01eb8534b871da0988c3f8f14f9e55aa86841624def13b93c44115f77748bbf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:06 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Vary
Accept-Encoding
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
Content-Encoding
gzip
X-Sovrn-Pod
ad_ap3ord1
async_usersync.html
acdn.adnxs.com/dmp/ Frame 9922
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Mon, 01 Nov 2021 05:06:57 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Mon, 08 Nov 2021 15:48:06 GMT
Age
40573
X-Served-By
cache-lga21963-LGA, cache-yul12823-YUL
X-Cache
HIT, HIT
X-Cache-Hits
2, 196322
X-Timer
S1636386487.674881,VS0,VE0
Vary
Accept-Encoding
pd
us-u.openx.net/w/1.0/ Frame B71D
672 B
738 B
Document
General
Full URL
https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
a3facb7a3e1870167a3894c2cfd9a75e2a80f17dfc5ffde24c756036a10097e3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/16.218.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
text/html
content-length
424
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
beacon
ap.lijit.com/ Frame 7945
5 KB
2 KB
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13480300
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.175.41.32 Downers Grove, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
nginx / raptor
Resource Hash
2bd583067ac5f178e727003086da3d2001edc018d9184db1ca65251e515f7b4a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:06 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Vary
Accept-Encoding
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
Content-Encoding
gzip
X-Sovrn-Pod
ad_ap3ord1
async_usersync.html
acdn.adnxs.com/dmp/ Frame 8370
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Mon, 01 Nov 2021 05:06:57 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Mon, 08 Nov 2021 15:48:06 GMT
Age
40573
X-Served-By
cache-lga21963-LGA, cache-yul12829-YUL
X-Cache
HIT, HIT
X-Cache-Hits
2, 196627
X-Timer
S1636386487.677909,VS0,VE0
Vary
Accept-Encoding
pd
us-u.openx.net/w/1.0/ Frame 6C63
672 B
726 B
Document
General
Full URL
https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
a3facb7a3e1870167a3894c2cfd9a75e2a80f17dfc5ffde24c756036a10097e3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/16.218.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
text/html
content-length
424
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame B028
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124973
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:06 GMT
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 2200
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124973
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:06 GMT
vary
Accept-Encoding
pd
us-u.openx.net/w/1.0/ Frame DDF0
672 B
726 B
Document
General
Full URL
https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
a3facb7a3e1870167a3894c2cfd9a75e2a80f17dfc5ffde24c756036a10097e3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/16.218.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
text/html
content-length
424
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0D1C
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124973
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:06 GMT
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame B6C4
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Mon, 01 Nov 2021 05:06:57 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Mon, 08 Nov 2021 15:48:06 GMT
Age
40573
X-Served-By
cache-lga21963-LGA, cache-yul12826-YUL
X-Cache
HIT, HIT
X-Cache-Hits
2, 195785
X-Timer
S1636386487.732242,VS0,VE0
Vary
Accept-Encoding
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=2ea308b6-caf9-46ef-bcb9-6e411187dfed&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
49 B
723 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&pubid=0b24fdfc82
49 B
747 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=td&nuid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&pubid=0b24fdfc82
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://sync.go.sonobi.com/us.gif?nw=td&nuid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&pubid=0b24fdfc82
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
227
usg.gif
sync.go.sonobi.com/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=MmVhMzA4YjYtY2FmOS00NmVmLWJjYjktNmU0MTExODdkZmVk
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
49 B
858 B
Image
General
Full URL
https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
288
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=b2c7c4a6-7547-4f64-b78a-75f9b6229849&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
49 B
840 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
usg.gif
sync.go.sonobi.com/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YjJjN2M0YTYtNzU0Ny00ZjY0LWI3OGEtNzVmOWI2MjI5ODQ5
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
49 B
858 B
Image
General
Full URL
https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
288
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usg.gif
sync.go.sonobi.com/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=ZTBiNzIzYzQtNTk1MC00MmQzLWIyNzItMDY1ZTJlZTA2YmU1
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
49 B
858 B
Image
General
Full URL
https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.go.sonobi.com/usg.gif?google_gid=CAESELkQjHna8jnu1s_Adycsk7c&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
288
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=e0b723c4-5950-42d3-b272-065e2ee06be5&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
49 B
840 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=H8Pc5X87Q0ue
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
rum
dsum-sec.casalemedia.com/ Frame F727
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhiDks-dATAB&v=APEucNWCShfVHYbJAWJ5paS7sq2hHaJcYa1j1TXvUNZRTCvM1iwrcRg5-buZex2q8dHL12jkg97PopWI4imF2n5NcLwwF_N4sA
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame F727
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YYlGtSCPhl8A5ZZDXjjRgQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhiDks-dATAB&v=APEucNWCShfVHYbJAWJ5paS7sq2hHaJcYa1j1TXvUNZRTCvM1iwrcRg5-buZex2q8dHL12jkg97PopWI4imF2n5NcLwwF_N4sA
Protocol
HTTP/1.1
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI3JkYmOSl7hSERwyzWj0WI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame F727
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEAqEpBpv-CC9gsVoKeI31Bw&google_cver=1
43 B
1006 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEAqEpBpv-CC9gsVoKeI31Bw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhiDks-dATAB&v=APEucNWCShfVHYbJAWJ5paS7sq2hHaJcYa1j1TXvUNZRTCvM1iwrcRg5-buZex2q8dHL12jkg97PopWI4imF2n5NcLwwF_N4sA
Protocol
HTTP/1.1
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
2011473e-a113-4719-aeab-8787e96fe453
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEAqEpBpv-CC9gsVoKeI31Bw&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame F727
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYyNDU2Njc2MDM2Nzg5MDM3NQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYyNDU2Njc2MDM2Nzg5MDM3NQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhiDks-dATAB&v=APEucNWCShfVHYbJAWJ5paS7sq2hHaJcYa1j1TXvUNZRTCvM1iwrcRg5-buZex2q8dHL12jkg97PopWI4imF2n5NcLwwF_N4sA
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
5fce02ba-11e6-4f78-b3b2-2594824bf48a
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYyNDU2Njc2MDM2Nzg5MDM3NQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 10 Nov 2021 15:48:06 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20211103/r20110914/ Frame F442
24 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211103/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DPK7D0U45VmWqoWAJ00Ctz_hG9BfCXkHRab9pwbrOacom15pWTg3tP-h5rMNrS1GtgWOz-NoFIpfTQZUqPx1lpQukKnyH2ldmLM3nJwlCbR_kOQe67GaBf5fRd_9xreXlXkHarkPwMDlahNey38OI-2onVnA&cry=1&dbm_d=AKAmf-C4Frw8vf_y__db68hK3R1nGvJeA-LkldeVfwDC1XvxSUVqT9BsHsv3VclwaoeXjBblOV5IhR59f2tAHUZ1GyeSjOZewWi02i9FUcerqy5hBZDB7QzixXa4Ko3-QPmD7w1joLJS8xZdMNT0LllB7_w528q7_dcOp9aLwQQMx-_B2BVH_Q7UOBYl8R4m7dYURZz3MNa9cK4I-V1XhjU2fV6aAJVthDVWb_0W8_Hr8hKC7VEfm3tCG4171HJer60b6x-8yyysAt6SfMiVaz0M6CPCUdDXj9f1qX7mRHymOD3a9KkTaiqeYy7QmSCFtzkN828rBwx-rJuATPbTME3gBmZreVPDvkxjIiODiVbXxpdRR2ukkYKIvamoBq6sQW1ygi0o74Cob6w22or4vVll2uoCFHE6HJGpz3fMmS3C_-xCjflXMq1Bvg-5SA60xqAlpPOiFLBaz6_G0oCiMEE7sqLvNTNzYiHqQgftpBk03U6IXbEbBdr0fQ9PbMgOrw_PreFUHv1pT_DUZsk_fY8qNiMb2s9NhEcQ3U-5K6EIH_e3mKXttXDqOKAS1TXqB5KZHbk62D0cU18FEV6lvYuqp5FqcdxOZERWjM-9ymsmS2NDP7u_czwH1Q5LBhRr5Bo1I8VdGWgvQrjktw3SyBwhqU2_2Qs3Bt1ZEEW3pLcaTd_dn5VtOhtBwUCUL5YQPbrDp8W5A7O9qyMK3lKTpTdzo7F_tVj_AO7vOrlCQbKWPX1hIJb3Rq2Nax6JlDkZJXl7ia_po5xPPkKYy3GIyEbNxKSORMzczuzf049JVrDP1XLiIturrK5E-kh7P3urAgerIhc9K82Zt6pu8BAoS66EAbWySGWSC_eEK0bDXxtr_NxkeAmBnM7cY7hV-irkm4m_9Dat6e1tU8WPZfDqgSA6nLpixPWQPxrc8P3UhNRqqI2VNX1Q_GPp8PjrRH9VYsnqxa0e0dENLebXHaKqkWs0zds4aZi8_3oU5QwwYYBGVrPEw2P2Iz0b2Q6xuIitYkrxBU7hD-UhXH7KXwzunPr0RqYiCPo1Nu0qBd-uwzPgHdCSvHbRysQKNd141tMHpWZukfbDnyyTAQmG1hEqZs_Wwx4FXM0FPQ-LQjOfZa6cCpIG75FIvioGLkXxjllrtzxHoAmbMjYy3AqYu3HsL6KuPn3uPHTbYzpjsQFbLoj0FWNT3DbhDlFS1pH2tvwyWrzhVYMj-l0N6HzWzXdpTlXUPt_9VEAP72ZdBeiysXUM5yj3ZFzq_OBQZHmyGF19k_ay0tXG4cNsX5xfN0OIb94xAfk3JU2q37VJmDCeDqgzGiRCcZZNq1pss4EB4mNEhbvJK4iyATPupu4JJDIdkrBlAFHPpkHJ9Mm0lvJA8mLwXqcCUsqchUhCThoFomokS-G5d0cYk5H_IhPDpspfMl5pCO6gPcCjwMEs_nRT2lYq49WW3etOTNOB29aIJev8sOxmGRSMwBKCycDn6o27vdgT2YZheLR3IPasn6LYIw-dt8RgN2BNEVE8WGS92HfCnwhOCOPSwKEw5ggTNwDTT9nUS4mO_Ilxz_C_URmIvv1JbzcaDgOLc2hXUD_8XwQELyJHR3NRz6l-uchCIuDPx-wBNLuCvqCbinbrOpFES8Al0tFuT11DzXlNKmvHPTX7ZpqBIeHotFIkOICFlm5vYOvzBuM8d_elG45v2f4xUHvoSj10g8wCrjj14dqg0fjTfxYSTBJPN92REIHCXRcR7tHmsk9TtVKrgrnOZR7ueec
J6C53b8rlVXKLkwE3CPUwHiLfHii-WbiDkoNaM-kwUKvwemFsmygeIDUEpsn1fhelUH29x_0xZSHCQae5NB9xoOIRNl43TaQS-wEETcTgswM4KGqQr5Yq410VJLqZ85YAVrYR4csmIxoJpLXW8hCTO1DYZP0VjThJRPx3mykEmFKKcBN2sgaizQt1-yiVXx075N_eVVz-ts95D7kCkixZ9f4XsKQrOf2k-DwcZ8oEbRbxn8pJIGMe-NXijKfznz9EljpqtnVubs82OjPUyEecNdBliBaqvh9N5LjKaR2CsmfY5EvJ8b1YPns2kPlbz8jUfvtkJdIPyxF3xM9GwjNaEVUd0fNMlYOIrB7tGxHl3EkYEIQ-KP0AuqOwZPJKZZ8lBwpLQ3hicTLJYC3blIK4HZDLgKUZFhmRbjWnBmZmEX_mTOUNo-qJlo41yYypFBQ_son8HEdPEgNLNkRJxXR2vAtIrHbIoG-9IGIk3ynD6S44f3yja9Xq-ri3Xxc5FeSn5ZGeiipJLgRHPufJEU0VpEytJhTLDai2HoDzCW96vFGDVruLj3ZAPt3Dm2sGHbiYMil8tUrRDhHNpxJwQHWjgG2tdvPcIZrcH0UI2BCCPSN-aHccQNgZpYamaRVi5-tqyuybGspNalxH-Zzj4jC_jcYFT-lrzbiRj9-iQ6LdfVOLLajQAs33qozzF9V1_F94lnrGG_aTCTDbFXa7iDCUCX0ao8VoeogKXx1FUE3FZloFhro1b5hi1orPcUvNZX7OgSJof9bmwY-yxf3h2RHeHmRI5Jdueq2T9UYGcYJJQfyN0Q3MS0TG6k08qL7OaPQoCESXXG49KzVyvmTCdDcaBkjFkS3toiTrS37Z4DR7c71bz7vfTwfwR23No9gak010-ToK5_xNk9DVD3SxGk4PgkVw2KTXYRwpSKNuJYH7OG9CTzwrQYof4WL02sakvnpu90hPn9KMc_EXF3mGIsx11K_GWbA5riTxN9eSRjyHSNBE1HbK6xVDSEA3uSZZzufiiGOFJM4Vs8dXoNArzKwF0yppDpuwEzT5iIOc2KPi2IvpH6lSWUM9buu-JSSTZpIXTDRWQSTMdpYiN5ZrQuDvaB8Og28rNmOkIq76-64bVf-bkVxPy8r_9Cm15CyYBKJ-97wFgGBQP-yOA9_g84qUmea66CZBivCeJ0PMzd-1n5z83cdosZgxeXrM36gIUW3dlIofGv_N8ciRNmcty6en1Qx2c4m2nl6s2t0__CT3HWOywwm1TriEBYjiX8zenefwwQQHbgstO10U6tbb8nRModkL8ferJpiaNSbY346vnXtxcemqOFmEhFbRCyPHpeEh8iL0JbXyeQErb3qYDRagNt0ua9nv-tfrZL66apQTCvadZDx96UqvSqlkthefiZ-dSQAG_SO3fnPbmAtA_yYmdXEzfrE6I8M88ojaAWza9eJXynC1G8xpgwtNFS4KuSr3Tyc3N0i6FpY&cid=CAASEuRohWaFhNXRk-PKX1TgSDjPRA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f8957910f9a887e298f5c082685e139255d095ec819e8b8cc6469b0006ef204b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:46:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
98
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9560
x-xss-protection
0
server
cafe
etag
378257483732583304
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Nov 2021 15:46:28 GMT
6521925615122537231
s0.2mdn.net/simgad/ Frame F442
24 KB
24 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/6521925615122537231?sqp=-oaymwEOCKwCEPoBIAFIZFABWAE&rs=AOga4qkTgIP9S5pDi8IYLKSHVQC9Z0GG7Q
Requested by
Host: googleads.g.doubleclick.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1c10397a3682540eabe56fb6076bc332ecfd0bf7e9dc978a577b596053f8328e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 05 Nov 2021 13:47:12 GMT
x-content-type-options
nosniff
age
266454
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24373
x-xss-protection
0
last-modified
Fri, 12 Feb 2021 01:44:57 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 05 Nov 2022 13:47:12 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20211103/r20110914/elements/html/ Frame F442
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211103/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:44:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
241
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3140
x-xss-protection
0
server
cafe
etag
17163059639670574047
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Nov 2021 15:44:05 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame F442
0
61 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvQv4HaOUh-oR419GRfV1uBS3Y1TJ48FRl9zqfXLybf9iwqeyaQdwdjxemI3dT711vm-o-LA7ezK40uKl0L66DqcmpDeQqi6G_D75qAzto2cUdHoE9tQ6b_IC4-E_ha83hDvjtnt4sU6HefI-XcBA8miOTE6rU56qEaR0U3l4UEMAOXHVEbrTC-4YuLMEC0PDLQ8aByGTXMShaZUASqpMn6dcwQcVbnVryENu_6qJt68XvtmNtTdiolrBhIKOY-weWV2NmEgOjekHoAJYfLIYKaKejsSY-z2ZlP04Tnxzo_WPqm1vUZEKOe0_jWobBhnJKkQNSP5HxchG7JBV-5HfMcJhXFFh7UoT3yvQ3GXod_tkSdyC-Es-AFy9eZrtpl6MRdI-AyFg6PplNahnQbRAku-zOtGxF2CFmNIRuFOWQZaehGBDTqNwELiDzUxCaoFFJF9xVIEqaDMVFq8pjDCPfeWRShb1M2Nsu16_4PRkKfcYJLVVDdCpw6CZB2j1-WFiUE46_x3JnQSzkaGxWFGOlaLyQ5i8uE3eq_FmEyZk3SOFtJ4J0k6TcHU4bGmmeXUbV4_ZWJxshG06X3uBkWZG9ZR1fqm-DJ_S1TtbTYYiW0jU1-JsmWQsHHXHj-FqE3NHpwiy0qVcoY7WluT7rz1E6Ibq_070Z5BeP4HRG865lhUMmYYK_C_fpc-C1iFfCkNc97YbwvY4En_gn_Pj1C9HxR7VWQllkchxDFcF-QQwAX2dFLmEJD8oUArfx1JpA41i0ptXb2lUutw9lHBX5s9oSS6izwN7-CDF5zUtMLCQv9JEvWyszGKzQksMkuYnDeESYCnMKIDeXDTb7o_xTJa54-0Pjm04IlEOAlgm4QcRKyiZTcXj55dKpCCj0UHISrNyPMWQrmnxb8ZcQ6p9DvQwa_20s-4it8tTapQ40M0cO2USjDDyveHcEvmE4UedIirUvMrLT9AfZ1sixCXJ1QokSLlIgIxogN1_0NR-nn72DDakE7YQlgDX5kBgfLczrD7DJEVuSAV5mtW8CV9MauI2tMlrqsrdsYWY3FZR5XBy6Iqj6fOFHmqoJfGr_3swG4RFHW4S2yJCYPDVEAaOAmKgaV2i67e0N9vG8pc_HveXAQvCFSi7zR6onKdRIkZOe7QxYF8mRYLNFJTfwukNDapkY5NQ&sai=AMfl-YSL6xezDfOerDRL0SaRUdJk9SYAWgeG-6ERkM6jbGGYtB98m375VbuBTa_rtMmJRntNa8COXcuBwVPCv_ouFVeYD6tPV_SKF6czmMG7m5pMSFn3JhxJjGxSMX5-bHENVyym2xchAC8-0qLoB1Tctxgj6lkmww&sig=Cg0ArKJSzC0_LcbGfr5rEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211103.96139&adurl=
Requested by
Host: googleads.g.doubleclick.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.64.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s30-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Mon, 08 Nov 2021 15:48:06 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame F442
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 14:21:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5168
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Tue, 08 Nov 2022 14:21:58 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 55F9
1 KB
864 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Sun, 07 Nov 2021 21:56:09 GMT
expires
Mon, 08 Nov 2021 21:56:09 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
64317
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
si
googleads.g.doubleclick.net/pagead/drt/ Frame 77CE
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Mon, 08 Nov 2021 15:48:06 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Mon, 08 Nov 2021 15:48:06 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 10 Nov 2021 15:48:06 GMT
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=85&3pid=AACqDk7DEo0AABkfKQPxKQ&gdpr=0
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=85&3pid=AACqDk7DEo0AABkfKQPxKQ&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=85&3pid=AACqDk7DEo0AABkfKQPxKQ&gdpr=0
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=1827&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=10&3pid=978758875032371846
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=10&3pid=978758875032371846
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location
https://ce.lijit.com/merge?pid=10&3pid=978758875032371846
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=12&3pid=6624566760367890375&gdpr=0&gdpr_consent=
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=12&3pid=6624566760367890375&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
a5eb941e-986c-421f-ab98-24dea848ca67
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ce.lijit.com/merge?pid=12&3pid=6624566760367890375&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=27&uid=f184a978f0e8c2d1833e39ce&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=66&3pid=620923216780
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=66&3pid=620923216780
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Access-Control-Allow-Origin
*
Content-Length
0
Location
https://ce.lijit.com/merge?pid=66&3pid=620923216780
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=80&3pid=KVQU9H03-1P-5D30&gdpr=0
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=80&3pid=KVQU9H03-1P-5D30&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ce.lijit.com/merge?pid=80&3pid=KVQU9H03-1P-5D30&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
e1bf03b8e0c0366715a8d9abd31b9f35
Expires
0
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=0&gdpr_consent=
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=87&3pid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=87&3pid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
//ce.lijit.com/merge?pid=87&3pid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
date
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=27&3pid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=27&3pid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ce.lijit.com/merge?pid=27&3pid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
223
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=83&3pid=KVQU9H03-1P-5D30&gdpr=0
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=83&3pid=KVQU9H03-1P-5D30&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ce.lijit.com/merge?pid=83&3pid=KVQU9H03-1P-5D30&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
0163a7456b0a5605e8b1fb1d4fba3e4d
Expires
0
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=49&3pid=H8Pc5X87Q0ue&ev=1&pid=558511&gdpr_consent=&gdpr=0
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=49&3pid=H8Pc5X87Q0ue&ev=1&pid=558511&gdpr_consent=&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://ce.lijit.com/merge?pid=49&3pid=H8Pc5X87Q0ue&ev=1&pid=558511&gdpr_consent=&gdpr=0
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://sync.1rx.io/usersync2/sovrn?gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=110&redir=https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fcentro%2F2032%2F%7BuserId%7D%3Fzcc%3D0%26sspret%3D1&rndcb=5193799295
  • https://sync.1rx.io/usersync3/centro/2032/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=5193799295
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005?redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D56%263pid%3DRX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
  • https://ce.lijit.com/merge?pid=56&3pid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=56&3pid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Tengine
ETag
RXaf56c6db498f42fc9369e44a2dbc1924005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://ce.lijit.com/merge?pid=56&3pid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Connection
keep-alive
Content-Type
text/html
ae12848777b41970a5f2
s.amazon-adsystem.com/x/ Frame 79EB
0
0
Image
General
Full URL
https://s.amazon-adsystem.com/x/ae12848777b41970a5f2?gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

epx.gif
px.owneriq.net/fr/ Frame 79EB
Redirect Chain
  • https://px.owneriq.net/eucm/p/sv?gdpr=0&gdpr_consent=
  • https://px.owneriq.net/fr/epx.gif
43 B
402 B
Image
General
Full URL
https://px.owneriq.net/fr/epx.gif
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
23.46.249.89 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-46-249-89.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
max-age=370331
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 12 Nov 2021 22:40:18 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://px.owneriq.net/fr/epx.gif
Cache-Control
max-age=12183
Connection
keep-alive
Content-Type
text/html
Content-Length
154
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent=
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=fmx&bsw_custom_parameter=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=fmx&bsw_custom_parameter=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=acaccc5b-16df-46aa-89a5-cf714a54628c&ssp=fmx&expires=30&user_group=5&bsw_param=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://ce.lijit.com/merge?pid=26&3pid=85c87065-7ef7-4b17-88e8-8c602c265f67
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=26&3pid=85c87065-7ef7-4b17-88e8-8c602c265f67
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location
//ce.lijit.com/merge?pid=26&3pid=85c87065-7ef7-4b17-88e8-8c602c265f67
Date
Mon, 08 Nov 2021 15:48:07 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=f184a978f0e8c2d1833e39ce&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=3&3pid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=3&3pid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x3 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ce.lijit.com/merge?pid=3&3pid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:06 GMT
pixel
cm.g.doubleclick.net/ Frame 79EB
Redirect Chain
  • https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap3ord1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://aorta.clickagy.com/pixel.gif?ch=185&cm=f184a978f0e8c2d1833e39ce&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=84&3pid=c:78971647e6cca795f33714a1b8203b60
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=84&3pid=c:78971647e6cca795f33714a1b8203b60
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Mon, 8 Nov 2021 15:48:07 GMT
server
Aorta/20211029.2f91d75
access-control-allow-origin
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
Location
https://ce.lijit.com/merge?pid=84&3pid=c:78971647e6cca795f33714a1b8203b60
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
X-Aorta-Region
us-east-1
Connection
keep-alive
X-Aorta-Host
ip-10-42-20-94.ec2.internal
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
Content-Length
0
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent=
  • https://tags.bluekai.com/site/17724?id=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&redir=https%3A%2F%2Fbcp.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3Dc5a8c34f-a2af-431f-bc5a-09806d7...
  • https://bcp.crwdcntrl.net/map/c=1389/tp=STSC/tpid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3Dc5a8c34f-a2af-431f-bc5a-09806d7b694f-6189...
  • https://ce.lijit.com/merge?pid=16&3pid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=16&3pid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://ce.lijit.com/merge?pid=16&3pid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
cache-control
no-cache
x-server
10.40.38.117
content-length
0
expires
0
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://jadserve.postrelease.com/suid/101957?ntv_r=https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=90&3pid=789d06c7-a154-4038-be75-24adf78e8e7e&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=90&3pid=789d06c7-a154-4038-be75-24adf78e8e7e&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
nginx/1.12.1
location
https://ce.lijit.com/merge?pid=90&3pid=789d06c7-a154-4038-be75-24adf78e8e7e&gdpr=0&gdpr_consent=
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
expires
Mon, 1 Jan 1990 12:00:00 GMT
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://um.simpli.fi/lj_match?r=1636386486584&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=2&3pid=961AF1076BCA42258C4489EC777AF824
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=2&3pid=961AF1076BCA42258C4489EC777AF824
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Mon, 08 Nov 2021 15:48:06 GMT
x-content-type-options
nosniff
server
nginx
location
https://ce.lijit.com/merge?pid=2&3pid=961AF1076BCA42258C4489EC777AF824
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Sun, 07 Nov 2021 15:48:06 GMT
reporting
ap.lijit.com/dsp/google/ Frame 79EB
Redirect Chain
  • https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
  • https://ap.lijit.com/dsp/google/reporting?gdpr=0
43 B
552 B
Image
General
Full URL
https://ap.lijit.com/dsp/google/reporting?gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
69.175.41.32 Downers Grove, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
P3P
CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin
*
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ord1
Content-Type
image/gif
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ap.lijit.com/dsp/google/reporting?gdpr=0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
245
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
merge
ce.lijit.com/ Frame 79EB
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=&tc=1
  • https://ce.lijit.com/merge?pid=86&3pid=tQ69bRhylMgWIwynDRVw&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=86&3pid=tQ69bRhylMgWIwynDRVw&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=86&3pid=tQ69bRhylMgWIwynDRVw&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT, Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame B1D3
0
23 B
Ping
General
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.64.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s30-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:06 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame A04B
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124973
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:06 GMT
vary
Accept-Encoding
cm
us-u.openx.net/w/1.0/ Frame 3800
887 B
546 B
Document
General
Full URL
https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
aeeb5997c8333e15230c42db87efbdda8907bd989cc854fd6d3a06f1112ec1fc

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/16.218.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
text/html
content-length
527
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
0608867b
rtb.gumgum.com/usync/ Frame FFBB
4 KB
2 KB
Document
General
Full URL
https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5ac5028ea59d7c4d9f8a189149081deee7f2a4dd92c71df9001db0d3410f37eb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
content-type
text/html;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
etag
W/"0a507e27e512d1bb4780633751003c63a"
timing-allow-origin
*
content-encoding
gzip
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7359
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124973
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:06 GMT
vary
Accept-Encoding
merge
ce.lijit.com/ Frame 930E
Redirect Chain
  • https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
43 B
3 KB
Document
General
Full URL
https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:07 GMT
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap1dca1

Redirect headers

p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma
no-cache
location
https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
content-length
0
date
Mon, 08 Nov 2021 15:48:06 GMT
truncated
/ Frame 0402
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d462af4d9803c28d57f79fec02519d8b86d8d8a4f5200d0cff209959449d8b0c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
view
googleads4.g.doubleclick.net/pcs/ Frame F442
0
23 B
Ping
General
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.64.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s30-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:06 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sd
us-u.openx.net/w/1.0/ Frame B71D
Redirect Chain
  • https://ad.turn.com/r/cs?pid=9&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
sd
us-u.openx.net/w/1.0/ Frame B71D
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=YYlGtQADCzBZAQAz
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YYlGtQADCzBZAQAz
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 varnish
server
Varnish
x-timer
S1636386487.917088,VS0,VE0
x-served-by
cache-yul12822-YUL
x-cache
HIT
location
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YYlGtQADCzBZAQAz
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
26ec143f-1dca-e05a-e044-5cca56999753
pr-bh.ybp.yahoo.com/sync/openx/ Frame B71D
43 B
876 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/26ec143f-1dca-e05a-e044-5cca56999753?gdpr=0
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:90f9:19e1:7d5f:7568 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
sd
us-u.openx.net/w/1.0/ Frame B71D
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
293
pixel
cm.g.doubleclick.net/ Frame B71D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWU0NGExYjEtNDQxMS0yY2I3LWM0NzMtMTA4NjYzMmM5NDdh
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame B71D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGqm2VVdeJoiFl1uZReuOcQ&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGqm2VVdeJoiFl1uZReuOcQ&google_cver=1
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGqm2VVdeJoiFl1uZReuOcQ&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame DDEE
Redirect Chain
  • https://ad.turn.com/r/cs?pid=9&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
sd
us-u.openx.net/w/1.0/ Frame DDEE
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=YYlGtQADCzBZAQAz
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YYlGtQADCzBZAQAz
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 varnish
server
Varnish
x-timer
S1636386487.929722,VS0,VE0
x-served-by
cache-yul12822-YUL
x-cache
HIT
location
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YYlGtQADCzBZAQAz
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
26ec143f-1dca-e05a-e044-5cca56999753
pr-bh.ybp.yahoo.com/sync/openx/ Frame DDEE
43 B
876 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/26ec143f-1dca-e05a-e044-5cca56999753?gdpr=0
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:90f9:19e1:7d5f:7568 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
sd
us-u.openx.net/w/1.0/ Frame DDEE
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
293
pixel
cm.g.doubleclick.net/ Frame DDEE
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWU0NGExYjEtNDQxMS0yY2I3LWM0NzMtMTA4NjYzMmM5NDdh
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame DDEE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGqm2VVdeJoiFl1uZReuOcQ&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGqm2VVdeJoiFl1uZReuOcQ&google_cver=1
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGqm2VVdeJoiFl1uZReuOcQ&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
epx.gif
px.owneriq.net/fr/ Frame 7945
Redirect Chain
  • https://px.owneriq.net/eucm/p/sv?gdpr=0&gdpr_consent=
  • https://px.owneriq.net/fr/epx.gif
43 B
402 B
Image
General
Full URL
https://px.owneriq.net/fr/epx.gif
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
23.46.249.89 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-46-249-89.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
max-age=370331
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 12 Nov 2021 22:40:18 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://px.owneriq.net/fr/epx.gif
Cache-Control
max-age=12183
Connection
keep-alive
Content-Type
text/html
Content-Length
154
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://jadserve.postrelease.com/suid/101957?ntv_r=https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=90&3pid=789d06c7-a154-4038-be75-24adf78e8e7e&gdpr=0&gdpr_consent=
43 B
2 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=90&3pid=789d06c7-a154-4038-be75-24adf78e8e7e&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
nginx/1.12.1
location
https://ce.lijit.com/merge?pid=90&3pid=789d06c7-a154-4038-be75-24adf78e8e7e&gdpr=0&gdpr_consent=
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
expires
Mon, 1 Jan 1990 12:00:00 GMT
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=49&3pid=H8Pc5X87Q0ue&ev=1&pid=558511&gdpr_consent=&gdpr=0
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=49&3pid=H8Pc5X87Q0ue&ev=1&pid=558511&gdpr_consent=&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://ce.lijit.com/merge?pid=49&3pid=H8Pc5X87Q0ue&ev=1&pid=558511&gdpr_consent=&gdpr=0
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=80&3pid=KVQU9H03-1P-5D30&gdpr=0
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=80&3pid=KVQU9H03-1P-5D30&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ce.lijit.com/merge?pid=80&3pid=KVQU9H03-1P-5D30&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
e1bf03b8e0c0366715a8d9abd31b9f35
Expires
0
ae12848777b41970a5f2
s.amazon-adsystem.com/x/ Frame 7945
0
0
Image
General
Full URL
https://s.amazon-adsystem.com/x/ae12848777b41970a5f2?gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

sync
x.bidswitch.net/ Frame 7945
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent=
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=85c87065-7ef7-4b17-88e8-8c602c265f67&ssp=fmx&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2910&partner_device_id=10600910574261568507&gdpr=0&gdpr_consent=&partner_url=https%3A%2F%2Fodr.mookie1.com%2Ft%2Fv2%3Ftagid%3DV2_948118%26src.vi...
  • https://odr.mookie1.com/t/v2?tagid=V2_948118&src.visitorid=aec29ca0-3c0f-4554-9025-2ee595f559f2&ssp=fmx&gdpr_consent=&gdpr=0
  • https://aa.agkn.com/adscores/g.pixel?sid=9212302828&puid=[mPlatform_cookie_ID]&ssp=%3CSSP_VALUE%3E&gdpr=0&gdpr_consent=
  • https://odr.mookie1.com/t/v2?tagid=V2_785409&src.visitorId=205010203964021695505&ssp=%3CSSP_VALUE%3E&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=419&user_id=10600910574261568507&ssp=%3CSSP_VALUE%3E&gdpr=0&gdpr_consent=
43 B
235 B
Image
General
Full URL
https://x.bidswitch.net/sync?dsp_id=419&user_id=10600910574261568507&ssp=%3CSSP_VALUE%3E&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
35.211.178.172 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS
172.178.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location
https://x.bidswitch.net/sync?dsp_id=419&user_id=10600910574261568507&ssp=<SSP_VALUE>&gdpr=0&gdpr_consent=
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
reporting
ap.lijit.com/dsp/google/ Frame 7945
Redirect Chain
  • https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
  • https://ap.lijit.com/dsp/google/reporting?gdpr=0
43 B
552 B
Image
General
Full URL
https://ap.lijit.com/dsp/google/reporting?gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
69.175.41.32 Downers Grove, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
P3P
CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin
*
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ord1
Content-Type
image/gif
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ap.lijit.com/dsp/google/reporting?gdpr=0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
245
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://um.simpli.fi/lj_match?r=1636386486599&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=2&3pid=961AF1076BCA42258C4489EC777AF824
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=2&3pid=961AF1076BCA42258C4489EC777AF824
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Mon, 08 Nov 2021 15:48:07 GMT
x-content-type-options
nosniff
server
nginx
location
https://ce.lijit.com/merge?pid=2&3pid=961AF1076BCA42258C4489EC777AF824
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Sun, 07 Nov 2021 15:48:07 GMT
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=&tc=1
  • https://ce.lijit.com/merge?pid=86&3pid=tQ69bRhylMgWIwynDRVw&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=86&3pid=tQ69bRhylMgWIwynDRVw&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=86&3pid=tQ69bRhylMgWIwynDRVw&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT, Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=83&3pid=KVQU9H03-1P-5D30&gdpr=0
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=83&3pid=KVQU9H03-1P-5D30&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ce.lijit.com/merge?pid=83&3pid=KVQU9H03-1P-5D30&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
0163a7456b0a5605e8b1fb1d4fba3e4d
Expires
0
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://aorta.clickagy.com/pixel.gif?ch=185&cm=f184a978f0e8c2d1833e39ce&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=84&3pid=c:78971647e6cca795f33714a1b8203b60
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=84&3pid=c:78971647e6cca795f33714a1b8203b60
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Mon, 8 Nov 2021 15:48:07 GMT
server
Aorta/20211029.2f91d75
access-control-allow-origin
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
Location
https://ce.lijit.com/merge?pid=84&3pid=c:78971647e6cca795f33714a1b8203b60
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
X-Aorta-Region
us-east-1
Connection
keep-alive
X-Aorta-Host
ip-10-42-17-201.ec2.internal
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
Content-Length
0
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=f184a978f0e8c2d1833e39ce&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=3&3pid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=3&3pid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x22 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ce.lijit.com/merge?pid=3&3pid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:06 GMT
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=87&3pid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=87&3pid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
//ce.lijit.com/merge?pid=87&3pid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
date
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=16&3pid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=16&3pid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://ce.lijit.com/merge?pid=16&3pid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://sync.1rx.io/usersync2/sovrn?gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=110&redir=https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fcentro%2F2032%2F%7BuserId%7D%3Fzcc%3D0%26sspret%3D1&rndcb=6463126803
  • https://sync.1rx.io/usersync3/centro/2032/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=6463126803
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005?redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D56%263pid%3DRX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
  • https://ce.lijit.com/merge?pid=56&3pid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=56&3pid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
Tengine
ETag
RXaf56c6db498f42fc9369e44a2dbc1924005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://ce.lijit.com/merge?pid=56&3pid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Connection
keep-alive
Content-Type
text/html
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=1827&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=10&3pid=978758875032371846
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=10&3pid=978758875032371846
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location
https://ce.lijit.com/merge?pid=10&3pid=978758875032371846
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=27&uid=f184a978f0e8c2d1833e39ce&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=66&3pid=620923216780
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=66&3pid=620923216780
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Access-Control-Allow-Origin
*
Content-Length
0
Location
https://ce.lijit.com/merge?pid=66&3pid=620923216780
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=12&3pid=6624566760367890375&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=12&3pid=6624566760367890375&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
b8f76cc7-a724-4e86-b9ab-9d1978179cd7
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ce.lijit.com/merge?pid=12&3pid=6624566760367890375&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7945
Redirect Chain
  • https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap3ord1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=85&3pid=AACqDk7DEo0AABkfKQPxKQ&gdpr=0
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=85&3pid=AACqDk7DEo0AABkfKQPxKQ&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=85&3pid=AACqDk7DEo0AABkfKQPxKQ&gdpr=0
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
merge
ce.lijit.com/ Frame 7945
Redirect Chain
  • https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=27&3pid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=27&3pid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ce.lijit.com/merge?pid=27&3pid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
223
sd
us-u.openx.net/w/1.0/ Frame DDF0
Redirect Chain
  • https://ad.turn.com/r/cs?pid=9&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
sd
us-u.openx.net/w/1.0/ Frame DDF0
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=YYlGtQADCzBZAQAz
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YYlGtQADCzBZAQAz
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
via
1.1 varnish
server
Varnish
x-timer
S1636386487.944773,VS0,VE0
x-served-by
cache-yul12822-YUL
x-cache
HIT
location
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YYlGtQADCzBZAQAz
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
26ec143f-1dca-e05a-e044-5cca56999753
pr-bh.ybp.yahoo.com/sync/openx/ Frame DDF0
43 B
876 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/26ec143f-1dca-e05a-e044-5cca56999753?gdpr=0
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:90f9:19e1:7d5f:7568 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
sd
us-u.openx.net/w/1.0/ Frame DDF0
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
293
pixel
cm.g.doubleclick.net/ Frame DDF0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWU0NGExYjEtNDQxMS0yY2I3LWM0NzMtMTA4NjYzMmM5NDdh
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame DDF0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGqm2VVdeJoiFl1uZReuOcQ&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGqm2VVdeJoiFl1uZReuOcQ&google_cver=1
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGqm2VVdeJoiFl1uZReuOcQ&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
px.moatads.com/ Frame B1D3
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=SENDGRID_DCM1&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fsecurityaffairs.co&lp=https%3A%2F%2Fsecurityaffairs.co&t=1636386486929&de=974024140004&m=0&ar=553ffc12ef5-clean&iw=9a4f3d2&q=2&cb=0&ym=0&cu=1636386486929&ll=2&lm=2&ln=1&r=0&em=0&en=0&d=22143192%3A3112338%3A318428647%3A160158782&zGSRC=1&gu=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&id=0&ii=6&bo=securityaffairs.co&bd=securityaffairs.co&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=sendgriddcm593119715704&fd=1&ac=1&it=500&ti=0&ih=1&pe=0%3A523%3A523%3A0%3A0&jm=-1&fs=195402&na=1827172003&cs=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 08 Nov 2021 15:48:07 GMT
sd
us-u.openx.net/w/1.0/ Frame 6C63
Redirect Chain
  • https://ad.turn.com/r/cs?pid=9&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3101355994236352031&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
sd
us-u.openx.net/w/1.0/ Frame 6C63
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=YYlGtQADCzBZAQAz
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YYlGtQADCzBZAQAz
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 varnish
server
Varnish
x-timer
S1636386487.054821,VS0,VE0
x-served-by
cache-yul12822-YUL
x-cache
HIT
location
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YYlGtQADCzBZAQAz
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
26ec143f-1dca-e05a-e044-5cca56999753
pr-bh.ybp.yahoo.com/sync/openx/ Frame 6C63
43 B
876 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/26ec143f-1dca-e05a-e044-5cca56999753?gdpr=0
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:90f9:19e1:7d5f:7568 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
sd
us-u.openx.net/w/1.0/ Frame 6C63
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&ttd_puid=b22b727b-8d66-7213-d193-4a3fa9ce5a1a
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
293
pixel
cm.g.doubleclick.net/ Frame 6C63
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWU0NGExYjEtNDQxMS0yY2I3LWM0NzMtMTA4NjYzMmM5NDdh
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 6C63
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGqm2VVdeJoiFl1uZReuOcQ&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGqm2VVdeJoiFl1uZReuOcQ&google_cver=1
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGqm2VVdeJoiFl1uZReuOcQ&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame B1D3
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
46301d14c7c0a72aab269b32a3148a7b65b6cebda290d04c7ff0a3f0c194601d

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=27&uid=f184a978f0e8c2d1833e39ce&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=66&3pid=620923216780
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=66&3pid=620923216780
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Access-Control-Allow-Origin
*
Content-Length
0
Location
https://ce.lijit.com/merge?pid=66&3pid=620923216780
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=83&3pid=KVQU9H03-1P-5D30&gdpr=0
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=83&3pid=KVQU9H03-1P-5D30&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ce.lijit.com/merge?pid=83&3pid=KVQU9H03-1P-5D30&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
0163a7456b0a5605e8b1fb1d4fba3e4d
Expires
0
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=f184a978f0e8c2d1833e39ce&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=3&3pid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=3&3pid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x8 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ce.lijit.com/merge?pid=3&3pid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:06 GMT
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=f184a978f0e8c2d1833e39ce/pv=y?https://ce.lijit.com%2Fmerge%3Fpid%3D5001%263pid%3D%24%7Bprofile_id%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=5001&3pid=5570d12073d005d655e3b9671c26cbf9&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=5001&3pid=5570d12073d005d655e3b9671c26cbf9&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://ce.lijit.com/merge?pid=5001&3pid=5570d12073d005d655e3b9671c26cbf9&gdpr=0&gdpr_consent=
cache-control
no-cache
x-server
10.40.40.95
content-length
0
expires
0
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=27&3pid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=27&3pid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ce.lijit.com/merge?pid=27&3pid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
223
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=49&3pid=H8Pc5X87Q0ue&ev=1&pid=558511&gdpr_consent=&gdpr=0
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=49&3pid=H8Pc5X87Q0ue&ev=1&pid=558511&gdpr_consent=&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://ce.lijit.com/merge?pid=49&3pid=H8Pc5X87Q0ue&ev=1&pid=558511&gdpr_consent=&gdpr=0
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://um.simpli.fi/lj_match?r=1636386486593&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=2&3pid=961AF1076BCA42258C4489EC777AF824
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=2&3pid=961AF1076BCA42258C4489EC777AF824
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Mon, 08 Nov 2021 15:48:07 GMT
x-content-type-options
nosniff
server
nginx
location
https://ce.lijit.com/merge?pid=2&3pid=961AF1076BCA42258C4489EC777AF824
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Sun, 07 Nov 2021 15:48:07 GMT
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=16&3pid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=16&3pid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://ce.lijit.com/merge?pid=16&3pid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=80&3pid=KVQU9H03-1P-5D30&gdpr=0
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=80&3pid=KVQU9H03-1P-5D30&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ce.lijit.com/merge?pid=80&3pid=KVQU9H03-1P-5D30&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
e1bf03b8e0c0366715a8d9abd31b9f35
Expires
0
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=85&3pid=AACqDk7DEo0AABkfKQPxKQ&gdpr=0
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=85&3pid=AACqDk7DEo0AABkfKQPxKQ&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=85&3pid=AACqDk7DEo0AABkfKQPxKQ&gdpr=0
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=&tc=1
  • https://ce.lijit.com/merge?pid=86&3pid=tQ69bRhylMgWIwynDRVw&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=86&3pid=tQ69bRhylMgWIwynDRVw&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=86&3pid=tQ69bRhylMgWIwynDRVw&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT, Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent=
  • https://p.rfihub.com/cm?in=1&pub=20513&ssp=fmx
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=978758875032371846&expires=30&ssp=fmx
  • https://ce.lijit.com/merge?pid=26&3pid=85c87065-7ef7-4b17-88e8-8c602c265f67
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=26&3pid=85c87065-7ef7-4b17-88e8-8c602c265f67
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location
//ce.lijit.com/merge?pid=26&3pid=85c87065-7ef7-4b17-88e8-8c602c265f67
Date
Mon, 08 Nov 2021 15:48:07 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
epx.gif
px.owneriq.net/fr/ Frame DFA0
Redirect Chain
  • https://px.owneriq.net/eucm/p/sv?gdpr=0&gdpr_consent=
  • https://px.owneriq.net/fr/epx.gif
43 B
402 B
Image
General
Full URL
https://px.owneriq.net/fr/epx.gif
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
23.46.249.89 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-46-249-89.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
max-age=370331
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 12 Nov 2021 22:40:18 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://px.owneriq.net/fr/epx.gif
Cache-Control
max-age=12183
Connection
keep-alive
Content-Type
text/html
Content-Length
154
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=12&3pid=6624566760367890375&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=12&3pid=6624566760367890375&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
1f09ecd6-63eb-45cf-b835-fef2031f0e0d
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ce.lijit.com/merge?pid=12&3pid=6624566760367890375&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://aorta.clickagy.com/pixel.gif?ch=185&cm=f184a978f0e8c2d1833e39ce&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=84&3pid=c:78971647e6cca795f33714a1b8203b60
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=84&3pid=c:78971647e6cca795f33714a1b8203b60
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Mon, 8 Nov 2021 15:48:07 GMT
server
Aorta/20211029.2f91d75
access-control-allow-origin
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
Location
https://ce.lijit.com/merge?pid=84&3pid=c:78971647e6cca795f33714a1b8203b60
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
X-Aorta-Region
us-east-1
Connection
keep-alive
X-Aorta-Host
ip-10-42-19-142.ec2.internal
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
Content-Length
0
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://sync.1rx.io/usersync2/sovrn?gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fappnexus%2F2032%2F%24UID%3Fzcc%3D0%26sspret%3D1&rndcb=4115772403
  • https://sync.1rx.io/usersync3/appnexus/2032/6624566760367890375?zcc=0&sspret=1&rndcb=4115772403
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005?redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D56%263pid%3DRX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
  • https://ce.lijit.com/merge?pid=56&3pid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=56&3pid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
Tengine
ETag
RXaf56c6db498f42fc9369e44a2dbc1924005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://ce.lijit.com/merge?pid=56&3pid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Connection
keep-alive
Content-Type
text/html
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=87&3pid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=87&3pid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
//ce.lijit.com/merge?pid=87&3pid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
date
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
ae12848777b41970a5f2
s.amazon-adsystem.com/x/ Frame DFA0
0
0
Image
General
Full URL
https://s.amazon-adsystem.com/x/ae12848777b41970a5f2?gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
reporting
ap.lijit.com/dsp/google/ Frame DFA0
Redirect Chain
  • https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
  • https://ap.lijit.com/dsp/google/reporting?gdpr=0
43 B
552 B
Image
General
Full URL
https://ap.lijit.com/dsp/google/reporting?gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
69.175.41.32 Downers Grove, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
P3P
CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin
*
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ord1
Content-Type
image/gif
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ap.lijit.com/dsp/google/reporting?gdpr=0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
245
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://jadserve.postrelease.com/suid/101957?ntv_r=https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=90&3pid=789d06c7-a154-4038-be75-24adf78e8e7e&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=90&3pid=789d06c7-a154-4038-be75-24adf78e8e7e&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
nginx/1.12.1
location
https://ce.lijit.com/merge?pid=90&3pid=789d06c7-a154-4038-be75-24adf78e8e7e&gdpr=0&gdpr_consent=
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
expires
Mon, 1 Jan 1990 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame DFA0
Redirect Chain
  • https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap3ord1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
cksync.php
contextual.media.net/ Frame DFA0
45 B
455 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=3&type=sov&ovsid=f184a978f0e8c2d1833e39ce&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1023%263pid%3D%24%7BUSER%7D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT
merge
ce.lijit.com/ Frame DFA0
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=1827&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=10&3pid=978758875032371846
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=10&3pid=978758875032371846
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location
https://ce.lijit.com/merge?pid=10&3pid=978758875032371846
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://sync.1rx.io/usersync2/sovrn?gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=110&redir=https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fcentro%2F2032%2F%7BuserId%7D%3Fzcc%3D0%26sspret%3D1&rndcb=1379673608
  • https://sync.1rx.io/usersync3/centro/2032/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=1379673608
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005?redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D56%263pid%3DRX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
  • https://ce.lijit.com/merge?pid=56&3pid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=56&3pid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
Tengine
ETag
RXaf56c6db498f42fc9369e44a2dbc1924005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://ce.lijit.com/merge?pid=56&3pid=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Connection
keep-alive
Content-Type
text/html
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=16&3pid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=16&3pid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://ce.lijit.com/merge?pid=16&3pid=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
reporting
ap.lijit.com/dsp/google/ Frame 7BF8
Redirect Chain
  • https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
  • https://ap.lijit.com/dsp/google/reporting?gdpr=0
43 B
552 B
Image
General
Full URL
https://ap.lijit.com/dsp/google/reporting?gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
69.175.41.32 Downers Grove, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
P3P
CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin
*
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ord1
Content-Type
image/gif
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ap.lijit.com/dsp/google/reporting?gdpr=0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
245
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=1827&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=10&3pid=978758875032371846
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=10&3pid=978758875032371846
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location
https://ce.lijit.com/merge?pid=10&3pid=978758875032371846
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://um.simpli.fi/lj_match?r=1636386486588&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=2&3pid=961AF1076BCA42258C4489EC777AF824
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=2&3pid=961AF1076BCA42258C4489EC777AF824
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Mon, 08 Nov 2021 15:48:07 GMT
x-content-type-options
nosniff
server
nginx
location
https://ce.lijit.com/merge?pid=2&3pid=961AF1076BCA42258C4489EC777AF824
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Sun, 07 Nov 2021 15:48:07 GMT
cksync.php
contextual.media.net/ Frame 7BF8
45 B
455 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=3&type=sov&ovsid=f184a978f0e8c2d1833e39ce&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1023%263pid%3D%24%7BUSER%7D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT
epx.gif
px.owneriq.net/fr/ Frame 7BF8
Redirect Chain
  • https://px.owneriq.net/eucm/p/sv?gdpr=0&gdpr_consent=
  • https://px.owneriq.net/fr/epx.gif
43 B
402 B
Image
General
Full URL
https://px.owneriq.net/fr/epx.gif
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
23.46.249.89 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-46-249-89.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
max-age=370331
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 12 Nov 2021 22:40:18 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://px.owneriq.net/fr/epx.gif
Cache-Control
max-age=12183
Connection
keep-alive
Content-Type
text/html
Content-Length
154
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=80&3pid=KVQU9H03-1P-5D30&gdpr=0
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=80&3pid=KVQU9H03-1P-5D30&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ce.lijit.com/merge?pid=80&3pid=KVQU9H03-1P-5D30&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
e1bf03b8e0c0366715a8d9abd31b9f35
Expires
0
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=f184a978f0e8c2d1833e39ce/pv=y?https://ce.lijit.com%2Fmerge%3Fpid%3D5001%263pid%3D%24%7Bprofile_id%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=5001&3pid=5570d12073d005d655e3b9671c26cbf9&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=5001&3pid=5570d12073d005d655e3b9671c26cbf9&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://ce.lijit.com/merge?pid=5001&3pid=5570d12073d005d655e3b9671c26cbf9&gdpr=0&gdpr_consent=
cache-control
no-cache
x-server
10.40.33.143
content-length
0
expires
0
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://aorta.clickagy.com/pixel.gif?ch=185&cm=f184a978f0e8c2d1833e39ce&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=84&3pid=c:78971647e6cca795f33714a1b8203b60
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=84&3pid=c:78971647e6cca795f33714a1b8203b60
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Mon, 8 Nov 2021 15:48:07 GMT
server
Aorta/20211029.2f91d75
access-control-allow-origin
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
Location
https://ce.lijit.com/merge?pid=84&3pid=c:78971647e6cca795f33714a1b8203b60
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
X-Aorta-Region
us-east-1
Connection
keep-alive
X-Aorta-Host
ip-10-42-18-198.ec2.internal
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
Content-Length
0
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=87&3pid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=87&3pid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
//ce.lijit.com/merge?pid=87&3pid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
date
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=f184a978f0e8c2d1833e39ce&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=3&3pid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=3&3pid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x31 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ce.lijit.com/merge?pid=3&3pid=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:06 GMT
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=85&3pid=AACqDk7DEo0AABkfKQPxKQ&gdpr=0
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=85&3pid=AACqDk7DEo0AABkfKQPxKQ&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=85&3pid=AACqDk7DEo0AABkfKQPxKQ&gdpr=0
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=83&3pid=KVQU9H03-1P-5D30&gdpr=0
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=83&3pid=KVQU9H03-1P-5D30&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ce.lijit.com/merge?pid=83&3pid=KVQU9H03-1P-5D30&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
0163a7456b0a5605e8b1fb1d4fba3e4d
Expires
0
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=27&3pid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=27&3pid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ce.lijit.com/merge?pid=27&3pid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
223
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=27&uid=f184a978f0e8c2d1833e39ce&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=66&3pid=620923216780
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=66&3pid=620923216780
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Access-Control-Allow-Origin
*
Content-Length
0
Location
https://ce.lijit.com/merge?pid=66&3pid=620923216780
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=86&3pid=tQ69bRhylMgWIwynDRVw&pi=sovrn&gdpr_consent=&gdpr=0
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=86&3pid=tQ69bRhylMgWIwynDRVw&pi=sovrn&gdpr_consent=&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=86&3pid=tQ69bRhylMgWIwynDRVw&pi=sovrn&gdpr_consent=&gdpr=0
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT, Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://jadserve.postrelease.com/suid/101957?ntv_r=https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=90&3pid=789d06c7-a154-4038-be75-24adf78e8e7e&gdpr=0&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=90&3pid=789d06c7-a154-4038-be75-24adf78e8e7e&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
nginx/1.12.1
location
https://ce.lijit.com/merge?pid=90&3pid=789d06c7-a154-4038-be75-24adf78e8e7e&gdpr=0&gdpr_consent=
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
expires
Mon, 1 Jan 1990 12:00:00 GMT
ae12848777b41970a5f2
s.amazon-adsystem.com/x/ Frame 7BF8
0
0
Image
General
Full URL
https://s.amazon-adsystem.com/x/ae12848777b41970a5f2?gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=49&3pid=H8Pc5X87Q0ue&ev=1&pid=558511&gdpr_consent=&gdpr=0
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=49&3pid=H8Pc5X87Q0ue&ev=1&pid=558511&gdpr_consent=&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://ce.lijit.com/merge?pid=49&3pid=H8Pc5X87Q0ue&ev=1&pid=558511&gdpr_consent=&gdpr=0
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7BF8
Redirect Chain
  • https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZjE4NGE5NzhmMGU4YzJkMTgzM2UzOWNl&gdpr=0
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap3ord1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=12&3pid=6624566760367890375&gdpr=0&gdpr_consent=
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=12&3pid=6624566760367890375&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
ee1bf28f-5838-40bc-9bde-ed186666c21c
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ce.lijit.com/merge?pid=12&3pid=6624566760367890375&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
merge
ce.lijit.com/ Frame 7BF8
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent=
  • https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=fmx&bsw_user_id=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&ssp=fmx
  • https://ce.lijit.com/merge?pid=26&3pid=85c87065-7ef7-4b17-88e8-8c602c265f67
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=26&3pid=85c87065-7ef7-4b17-88e8-8c602c265f67
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location
//ce.lijit.com/merge?pid=26&3pid=85c87065-7ef7-4b17-88e8-8c602c265f67
Date
Mon, 08 Nov 2021 15:48:08 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
usync.js
eus.rubiconproject.com/ Frame 89EC
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4ac95c59a70b7c78d9dcfce05d1dcfd512e8f083d1525cf5d34ee3f57bf8e325

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Nov 2021 21:03:19 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=62569
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9506
Expires
Tue, 09 Nov 2021 09:10:56 GMT
0608867b
rtb.gumgum.com/usync/ Frame 73AC
4 KB
1 KB
Document
General
Full URL
https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5ac5028ea59d7c4d9f8a189149081deee7f2a4dd92c71df9001db0d3410f37eb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-type
text/html;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
etag
W/"0a507e27e512d1bb4780633751003c63a"
timing-allow-origin
*
content-encoding
gzip
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 719F
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124972
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
merge
ce.lijit.com/ Frame 92B1
Redirect Chain
  • https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
43 B
3 KB
Document
General
Full URL
https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:07 GMT
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap1dca1

Redirect headers

p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma
no-cache
location
https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
content-length
0
date
Mon, 08 Nov 2021 15:48:06 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7AFC
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124972
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
cm
us-u.openx.net/w/1.0/ Frame 50E5
679 B
448 B
Document
General
Full URL
https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
19951e5b020502f96f0d1eee9aa14624aac2beb7513ca2461b083f5f7b935712

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/16.218.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 08 Nov 2021 15:48:07 GMT
content-type
text/html
content-length
429
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ptmd
dt.clnmde.com/
70 B
330 B
Image
General
Full URL
https://dt.clnmde.com/ptmd?t=16363864849763280910398_N4IgpghgNiBcDaBdANOCAHO8QGYDsAdAIwBMADAeQKzEAsAnCCiALYCeW8RyOJVy9HPxI5aJZH3okU8cb36DhVevQkAOBjJwC1ZZKV3JaRbQDZTOGbR16DevCIF5LzAO4BHLM3YAnL6gBjFgCAIzgQNSJTPDU1fCIQQJ8WTAQQKJwLNVNaDTx8qkyxNQB9FggASwA7EoTUDKycjRwcNUK8MloqMsqakkT0i0bcsS7TEgZWnuqSnAGG1qbaTPxTKnySaZraJlRoABcsPWPkMmYAZwB7OGsQCoA3OHEQc-2IfYBXc6wiNR5-7TaIj0ZgALwgcG4IHQAHNwo9UGAqo9YNCBjCABbhBbZEb0PAWEi6ehEMg4ehqAb7b6oohiClkPC0cZUKiU1D3GkgUwECi0YwDaBwbQgABmATgAFooWB9hVsUNFiMBq84bA9C8ANYKla4jQlSJSKhkUxkIlEgZgCqpXCEUgUah0RgcsB+VHoHyXAAmlo+ENgUI+8vViPuMAQoCqEBYYHCIQqXq9rpKCYGXve-tA8cTydTsCqHygUA5FRTPtpir1y1a7U6VBAAF8G8hI9HY6js0mfGW0xm4FmE12e-nC8WQPdS3nBrqlhMqONJpSmy2QFGY3HB7mfah029+yBO1u4AWiyXh9PhnkCkULcvW+uO5vu6md33YAOc8-yyexxPzzilhWAl1gcRsG2YdBOX8F4oFeHVLwYUxnRAKBRUhM8pwAkYgLWDYBgCL59nPNQAGEAFUqAAIQAEVMABRAB1dEJQDSsmjwKJnncdsoVFYMyAbIA
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.217.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-217-109.compute-1.amazonaws.com
Software
/ Express
Resource Hash
c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 08 Nov 2021 15:48:07 GMT
x-powered-by
Express
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age
1800
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
image/gif
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 717F
1 KB
788 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Sun, 07 Nov 2021 21:56:09 GMT
expires
Mon, 08 Nov 2021 21:56:09 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
64318
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame F442
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0472d47ef402f41ee0233f80f2ce3f457a22bc957ae69c92149a772d9d5510b0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type
image/png
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 8A3A
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124972
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame DFB2
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124972
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
0608867b
rtb.gumgum.com/usync/ Frame 657A
4 KB
1 KB
Document
General
Full URL
https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5ac5028ea59d7c4d9f8a189149081deee7f2a4dd92c71df9001db0d3410f37eb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-type
text/html;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
etag
W/"0a507e27e512d1bb4780633751003c63a"
timing-allow-origin
*
content-encoding
gzip
merge
ce.lijit.com/ Frame 4104
Redirect Chain
  • https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
43 B
3 KB
Document
General
Full URL
https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:07 GMT
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap1dca1

Redirect headers

p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma
no-cache
location
https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
content-length
0
date
Mon, 08 Nov 2021 15:48:06 GMT
cm
us-u.openx.net/w/1.0/ Frame D4C6
648 B
433 B
Document
General
Full URL
https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
d99118365aebd8dec52624664c1bf5cdce9d001912acab42ca355735d8f10745

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/16.218.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 08 Nov 2021 15:48:07 GMT
content-type
text/html
content-length
414
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
0608867b
rtb.gumgum.com/usync/ Frame 7D0E
4 KB
1 KB
Document
General
Full URL
https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5ac5028ea59d7c4d9f8a189149081deee7f2a4dd92c71df9001db0d3410f37eb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-type
text/html;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
etag
W/"0a507e27e512d1bb4780633751003c63a"
timing-allow-origin
*
content-encoding
gzip
merge
ce.lijit.com/ Frame 9A31
Redirect Chain
  • https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
43 B
3 KB
Document
General
Full URL
https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:07 GMT
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap1dca1

Redirect headers

p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma
no-cache
location
https://ce.lijit.com/merge?pid=1&3pid=3101355994236352031&gdpr=0&gdpr_consent=
content-length
0
date
Mon, 08 Nov 2021 15:48:06 GMT
cm
us-u.openx.net/w/1.0/ Frame 0C8E
648 B
433 B
Document
General
Full URL
https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
d99118365aebd8dec52624664c1bf5cdce9d001912acab42ca355735d8f10745

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/16.218.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 08 Nov 2021 15:48:07 GMT
content-type
text/html
content-length
414
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4B4E
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124972
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 8BD5
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=13480300
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ap.lijit.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124972
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
sodar
pagead2.googlesyndication.com/getconfig/ Frame 991D
12 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211103&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
77243f779560b23caf9b2646e37c8dfba4a48ff999b2c1d561f409828bfb39d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9206
x-xss-protection
0
sync
gum.criteo.com/ Frame 59CB
61 B
372 B
Script
General
Full URL
https://gum.criteo.com/sync?r=2&c=321&gdpr=0&gdpr_pd=0&gdpr_consent=&us_privacy=&j=window.advBidxc.mnetRtusId
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
f77f47058428a1c21dad5a75ac13fbfdeb9858947218fee2112fded5972a0b5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=3600
server-processing-duration-in-ticks
1560
content-length
175
expires
60
cksync.html
contextual.media.net/ Frame 1BB2
Redirect Chain
  • https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Drkt%26refUrl%3D%26vid%3D638648727127938808473941290...
  • https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864872712793880847394129000V10&ovsid=978758875032371846
219 B
649 B
Document
General
Full URL
https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864872712793880847394129000V10&ovsid=978758875032371846
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
85af3052d288ffd9157258dfe4daf5309f0b64d0067ab8221cd0c62909c18419
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/

Response headers

server
Apache
content-length
219
content-type
text/html;charset=UTF-8
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864872712793880847394129000V10&ovsid=978758875032371846
Content-Length
0
Server
Jetty(9.3.29.v20201019)
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7076
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159463&userIdMacro=PM_UID&predirect=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dpba%26refUrl%3D%26vid%3D63864872712793880847394129000V10%26ovsid%3DPM_UID
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124972
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
cksync.php
contextual.media.net/ Frame 59CB
Redirect Chain
  • https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864872712793880847394129000V10&ovsid=[UID]
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864872712793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864872712793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864872712793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341
sync.1rx.io/usersync3/centro/2057.4/ Frame 59CB
Redirect Chain
  • https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dr1%26refUrl%3D%26vid%3D63864872712793880847...
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=110&redir=https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fcentro%2F2057.4%2F%7BuserId%7D%3Fzcc%3D0%26sspret%3D1&rndcb=8932081801
  • https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=8932081801
43 B
242 B
Image
General
Full URL
https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=8932081801
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
HTTP/1.1
Server
199.127.204.142 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Cache-Control
no-store, no-cache, must-revalidate
Server
Tengine
Connection
keep-alive
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=8932081801
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
cksync
cs.media.net/ Frame 59CB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=Mjc5Mzg4MDg0NzM5NDEyOTAwMFYxMA%3D%3D&google_sc=1
  • https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
45 B
445 B
Image
General
Full URL
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.php
contextual.media.net/ Frame 59CB
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Ddxu%26refUrl%3D%26vid%3D63864872712793880847394...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864872712793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
45 B
450 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864872712793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
PingMatch/v2.0.30-691-gbabbd08#rel-ec2-master i-0abd6a2c06619c796@us-east-1b@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864872712793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.php
contextual.media.net/ Frame 59CB
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=115&p=259&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40
  • https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=5cba545f-43f7-4e60-9846-afe9aa88eb6c
45 B
614 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=5cba545f-43f7-4e60-9846-afe9aa88eb6c
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
Kestrel
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=5cba545f-43f7-4e60-9846-afe9aa88eb6c
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1035959
content-length
0
expires
Mon, 08 Nov 2021 00:00:00 GMT
cksync.php
contextual.media.net/ Frame 59CB
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
  • https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=medianet&bsw_user_id=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&ssp=medianet
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:08 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:08 GMT

Redirect headers

Location
//contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
Date
Mon, 08 Nov 2021 15:48:07 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
cksync.php
contextual.media.net/ Frame 59CB
Redirect Chain
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dzem%26refUrl%3D%26vid%3D63864872712793880847394129...
  • https://stags.bluekai.com/site/23178?id=Gh7yPYuPo3KShf4_DFqa&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TD...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKHNA3XSUCZOVIG6M2LKNUGMNC7IRDHC...
  • https://contextual.media.net/cksync.php?cs=8&ovsid=Gh7yPYuPo3KShf4_DFqa&refUrl=&type=zem&vid=63864872712793880847394129000V10&vsid=2793880847394129000V10
45 B
454 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&ovsid=Gh7yPYuPo3KShf4_DFqa&refUrl=&type=zem&vid=63864872712793880847394129000V10&vsid=2793880847394129000V10
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:08 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:08 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
P3p
CP="We do not support P3P header."
Location
https://contextual.media.net/cksync.php?cs=8&ovsid=Gh7yPYuPo3KShf4_DFqa&refUrl=&type=zem&vid=63864872712793880847394129000V10&vsid=2793880847394129000V10
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
196
Expires
Thu, 01 Dec 1994 16:00:00 GMT
cksync.php
contextual.media.net/ Frame 59CB
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=2793880847394129000V10
  • https://contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

location
//contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
date
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
cksync
cs.media.net/ Frame 59CB
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1
  • https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
45 B
451 B
Image
General
Full URL
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
199
cksync.php
contextual.media.net/ Frame 59CB
Redirect Chain
  • https://ad.turn.com/r/cs?pid=59&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Damb%26refUrl%3D%26vid%3D63864872712793880847394129000V10%26ov...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864872712793880847394129000V10&ovsid=3101355994236352031
45 B
452 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864872712793880847394129000V10&ovsid=3101355994236352031
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

location
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864872712793880847394129000V10&ovsid=3101355994236352031
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
sync
gum.criteo.com/ Frame 8EFF
61 B
372 B
Script
General
Full URL
https://gum.criteo.com/sync?r=2&c=321&gdpr=0&gdpr_pd=0&gdpr_consent=&us_privacy=&j=window.advBidxc.mnetRtusId
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
f77f47058428a1c21dad5a75ac13fbfdeb9858947218fee2112fded5972a0b5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
date
Mon, 08 Nov 2021 15:48:06 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=3600
server-processing-duration-in-ticks
2124
content-length
175
expires
60
cksync
cs.media.net/ Frame 8EFF
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=Mjc5Mzg4MDg0NzM5NDEyOTAwMFYxMA%3D%3D&google_sc=1
  • https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
45 B
445 B
Image
General
Full URL
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.html
contextual.media.net/ Frame F20C
Redirect Chain
  • https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Drkt%26refUrl%3D%26vid%3D638648734627938808473941290...
  • https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864873462793880847394129000V10&ovsid=978758875032371846
219 B
649 B
Document
General
Full URL
https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864873462793880847394129000V10&ovsid=978758875032371846
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
85af3052d288ffd9157258dfe4daf5309f0b64d0067ab8221cd0c62909c18419
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/

Response headers

server
Apache
content-length
219
content-type
text/html;charset=UTF-8
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864873462793880847394129000V10&ovsid=978758875032371846
Content-Length
0
Server
Jetty(9.3.29.v20201019)
cksync.php
contextual.media.net/ Frame 8EFF
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=115&p=259&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40
  • https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=551ef6f7-5dc1-4e5f-9bfd-d061d6f90f5b
45 B
614 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=551ef6f7-5dc1-4e5f-9bfd-d061d6f90f5b
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
Kestrel
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=551ef6f7-5dc1-4e5f-9bfd-d061d6f90f5b
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1095975
content-length
0
expires
Mon, 08 Nov 2021 00:00:00 GMT
cksync.php
contextual.media.net/ Frame 8EFF
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
  • https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=medianet&ssp_user_id=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://x.bidswitch.net/sync?dsp_id=74&&user_id=171118614&expires=5&ssp=medianet
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:08 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:08 GMT

Redirect headers

Location
//contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
Date
Mon, 08 Nov 2021 15:48:08 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
cksync.php
contextual.media.net/ Frame 8EFF
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=2793880847394129000V10
  • https://contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

location
//contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
date
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
cksync
cs.media.net/ Frame 8EFF
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1
  • https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
45 B
451 B
Image
General
Full URL
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
199
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 9AF2
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159463&userIdMacro=PM_UID&predirect=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dpba%26refUrl%3D%26vid%3D63864873462793880847394129000V10%26ovsid%3DPM_UID
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124972
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
cksync.php
contextual.media.net/ Frame 8EFF
Redirect Chain
  • https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864873462793880847394129000V10&ovsid=[UID]
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864873462793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864873462793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864873462793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341
sync.1rx.io/usersync3/centro/2057.4/ Frame 8EFF
Redirect Chain
  • https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dr1%26refUrl%3D%26vid%3D63864873462793880847...
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=110&redir=https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fcentro%2F2057.4%2F%7BuserId%7D%3Fzcc%3D0%26sspret%3D1&rndcb=7124866955
  • https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=7124866955
43 B
242 B
Image
General
Full URL
https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=7124866955
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
HTTP/1.1
Server
199.127.204.142 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Cache-Control
no-store, no-cache, must-revalidate
Server
Tengine
Connection
keep-alive
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=7124866955
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
cksync.php
contextual.media.net/ Frame 8EFF
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Ddxu%26refUrl%3D%26vid%3D63864873462793880847394...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864873462793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
45 B
450 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864873462793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
PingMatch/v2.0.30-691-gbabbd08#rel-ec2-master i-0705d816a3df65089@us-east-1e@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864873462793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.php
contextual.media.net/ Frame 8EFF
Redirect Chain
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dzem%26refUrl%3D%26vid%3D63864873462793880847394129...
  • https://stags.bluekai.com/site/23178?id=dc0acWdifNMAKMlxx4lt&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TD...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPLEMMYGCY2XMRUWMTSNIFFU23DYPA2GY...
  • https://contextual.media.net/cksync.php?cs=8&ovsid=dc0acWdifNMAKMlxx4lt&refUrl=&type=zem&vid=63864873462793880847394129000V10&vsid=2793880847394129000V10
45 B
453 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&ovsid=dc0acWdifNMAKMlxx4lt&refUrl=&type=zem&vid=63864873462793880847394129000V10&vsid=2793880847394129000V10
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:09 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:09 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
P3p
CP="We do not support P3P header."
Location
https://contextual.media.net/cksync.php?cs=8&ovsid=dc0acWdifNMAKMlxx4lt&refUrl=&type=zem&vid=63864873462793880847394129000V10&vsid=2793880847394129000V10
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
196
Expires
Thu, 01 Dec 1994 16:00:00 GMT
cksync.php
contextual.media.net/ Frame 8EFF
Redirect Chain
  • https://ad.turn.com/r/cs?pid=59&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Damb%26refUrl%3D%26vid%3D63864873462793880847394129000V10%26ov...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864873462793880847394129000V10&ovsid=3101355994236352031
45 B
452 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864873462793880847394129000V10&ovsid=3101355994236352031
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

location
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864873462793880847394129000V10&ovsid=3101355994236352031
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
sync
gum.criteo.com/ Frame CA67
88 B
405 B
Script
General
Full URL
https://gum.criteo.com/sync?r=2&c=321&gdpr=0&gdpr_pd=0&gdpr_consent=&us_privacy=&j=window.advBidxc.mnetRtusId
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
ac6b60cd1d7fb2d71a20dd4edbe1b4194bab5dc14ccfa1d9caff83d2cf4cf07f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
date
Mon, 08 Nov 2021 15:48:06 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=3600
server-processing-duration-in-ticks
3879
content-length
208
expires
60
cksync
cs.media.net/ Frame CA67
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=Mjc5Mzg4MDg0NzM5NDEyOTAwMFYxMA%3D%3D&google_sc=1
  • https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
45 B
445 B
Image
General
Full URL
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.html
contextual.media.net/ Frame 67BA
Redirect Chain
  • https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Drkt%26refUrl%3D%26vid%3D638648737827938808473941290...
  • https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864873782793880847394129000V10&ovsid=978758875032371846
219 B
649 B
Document
General
Full URL
https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864873782793880847394129000V10&ovsid=978758875032371846
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
85af3052d288ffd9157258dfe4daf5309f0b64d0067ab8221cd0c62909c18419
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/

Response headers

server
Apache
content-length
219
content-type
text/html;charset=UTF-8
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://contextual.media.net/cksync.html?cs=8&vsid=2793880847394129000V10&type=rkt&refUrl=&vid=63864873782793880847394129000V10&ovsid=978758875032371846
Content-Length
0
Server
Jetty(9.3.29.v20201019)
cksync.php
contextual.media.net/ Frame CA67
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=115&p=259&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40
  • https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=5cba545f-43f7-4e60-9846-afe9aa88eb6c
45 B
614 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=5cba545f-43f7-4e60-9846-afe9aa88eb6c
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
Kestrel
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=5cba545f-43f7-4e60-9846-afe9aa88eb6c
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
3315579
content-length
0
expires
Mon, 08 Nov 2021 00:00:00 GMT
cksync.php
contextual.media.net/ Frame CA67
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
  • https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26expires%3D30%26user_group%3D%24...
  • https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26expires%3D30%26user_group%3D%24...
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=fb460195-fc0b-5338-9e17-7d70ff9e3bc7&ssp=medianet&expires=30&user_group=1
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:09 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:09 GMT

Redirect headers

Location
//contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=&gdpr_consent=&gdpr_pd=
Date
Mon, 08 Nov 2021 15:48:08 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
cksync.php
contextual.media.net/ Frame CA67
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=2793880847394129000V10
  • https://contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

location
//contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
date
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
cksync
cs.media.net/ Frame CA67
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1
  • https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
45 B
451 B
Image
General
Full URL
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
199
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 5D6E
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159463&userIdMacro=PM_UID&predirect=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dpba%26refUrl%3D%26vid%3D63864873782793880847394129000V10%26ovsid%3DPM_UID
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124972
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
cksync.php
contextual.media.net/ Frame CA67
Redirect Chain
  • https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864873782793880847394129000V10&ovsid=[UID]
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864873782793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864873782793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864873782793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341
sync.1rx.io/usersync3/centro/2057.4/ Frame CA67
Redirect Chain
  • https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dr1%26refUrl%3D%26vid%3D63864873782793880847...
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=110&redir=https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fcentro%2F2057.4%2F%7BuserId%7D%3Fzcc%3D0%26sspret%3D1&rndcb=4503809472
  • https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=4503809472
43 B
242 B
Image
General
Full URL
https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=4503809472
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
HTTP/1.1
Server
199.127.204.142 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Cache-Control
no-store, no-cache, must-revalidate
Server
Tengine
Connection
keep-alive
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=4503809472
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
cksync.php
contextual.media.net/ Frame CA67
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Ddxu%26refUrl%3D%26vid%3D63864873782793880847394...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864873782793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
45 B
450 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864873782793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
PingMatch/v2.0.30-691-gbabbd08#rel-ec2-master i-0ce13a5a19ff7f3ea@us-east-1e@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864873782793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.php
contextual.media.net/ Frame CA67
Redirect Chain
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dzem%26refUrl%3D%26vid%3D63864873782793880847394129...
  • https://stags.bluekai.com/site/23178?id=CP1QBpRX3UdIKYUVX-Qx&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TD...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKDKAYVCQTQKJMDGVLEJFFVSVKWLAWVC...
  • https://contextual.media.net/cksync.php?cs=8&ovsid=CP1QBpRX3UdIKYUVX-Qx&refUrl=&type=zem&vid=63864873782793880847394129000V10&vsid=2793880847394129000V10
45 B
455 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&ovsid=CP1QBpRX3UdIKYUVX-Qx&refUrl=&type=zem&vid=63864873782793880847394129000V10&vsid=2793880847394129000V10
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:08 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:08 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
P3p
CP="We do not support P3P header."
Location
https://contextual.media.net/cksync.php?cs=8&ovsid=CP1QBpRX3UdIKYUVX-Qx&refUrl=&type=zem&vid=63864873782793880847394129000V10&vsid=2793880847394129000V10
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
196
Expires
Thu, 01 Dec 1994 16:00:00 GMT
cksync.php
contextual.media.net/ Frame CA67
Redirect Chain
  • https://ad.turn.com/r/cs?pid=59&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Damb%26refUrl%3D%26vid%3D63864873782793880847394129000V10%26ov...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864873782793880847394129000V10&ovsid=3101355994236352031
45 B
452 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864873782793880847394129000V10&ovsid=3101355994236352031
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

location
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864873782793880847394129000V10&ovsid=3101355994236352031
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
sync
gum.criteo.com/ Frame 8EDF
88 B
407 B
Script
General
Full URL
https://gum.criteo.com/sync?r=2&c=321&gdpr=0&gdpr_pd=0&gdpr_consent=&us_privacy=&j=window.advBidxc.mnetRtusId
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
3cc0624fe4f3227f9a210d31206e5e4ecae62e129037350040909946a0ef91fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=3600
server-processing-duration-in-ticks
3797
content-length
210
expires
60
cksync
cs.media.net/ Frame 8EDF
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=Mjc5Mzg4MDg0NzM5NDEyOTAwMFYxMA%3D%3D&google_sc=1
  • https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
45 B
445 B
Image
General
Full URL
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEBzLc6tc-k1Nt0oO8k_EncU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.php
contextual.media.net/ Frame 8EDF
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=115&p=259&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40
  • https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=551ef6f7-5dc1-4e5f-9bfd-d061d6f90f5b
45 B
614 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=551ef6f7-5dc1-4e5f-9bfd-d061d6f90f5b
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
server
Kestrel
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=551ef6f7-5dc1-4e5f-9bfd-d061d6f90f5b
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
2150050
content-length
0
expires
Mon, 08 Nov 2021 00:00:00 GMT
cksync.php
contextual.media.net/ Frame 8EDF
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
  • https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dmedianet%26bsw_param%3D85c87065-7ef7-4b17-88e8-8c602c265f...
  • https://x.bidswitch.net/sync?dsp_id=80&user_id=47ba6189-46b6-4f00-a922-0724bc220c16&expires=30&ssp=medianet&bsw_param=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=0&gdpr_consent=
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=0&gdpr_consent=&gdpr_pd=
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=0&gdpr_consent=&gdpr_pd=
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:08 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:08 GMT

Redirect headers

Location
//contextual.media.net/cksync.php?cs=1&type=bs&ovsid=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=0&gdpr_consent=&gdpr_pd=
Date
Mon, 08 Nov 2021 15:48:08 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
cksync.php
contextual.media.net/ Frame 8EDF
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=2793880847394129000V10
  • https://contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

location
//contextual.media.net/cksync.php?type=mf&ovsid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f&cs=1
date
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
cksync
cs.media.net/ Frame 8EDF
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1
  • https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
45 B
451 B
Image
General
Full URL
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
199
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 8C05
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159463&userIdMacro=PM_UID&predirect=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dpba%26refUrl%3D%26vid%3D63864874192793880847394129000V10%26ovsid%3DPM_UID
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124972
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
cksync.php
contextual.media.net/ Frame 8EDF
Redirect Chain
  • https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864874192793880847394129000V10&ovsid=[UID]
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864874192793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864874192793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-36
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=son&refUrl=&vid=63864874192793880847394129000V10&ovsid=f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341
sync.1rx.io/usersync3/centro/2057.4/ Frame 8EDF
Redirect Chain
  • https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dr1%26refUrl%3D%26vid%3D63864874192793880847...
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=110&redir=https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fcentro%2F2057.4%2F%7BuserId%7D%3Fzcc%3D0%26sspret%3D1&rndcb=2044825393
  • https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=2044825393
43 B
242 B
Image
General
Full URL
https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=2044825393
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
HTTP/1.1
Server
199.127.204.142 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Cache-Control
no-store, no-cache, must-revalidate
Server
Tengine
Connection
keep-alive
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://sync.1rx.io/usersync3/centro/2057.4/c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341?zcc=0&sspret=1&rndcb=2044825393
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
cksync.php
contextual.media.net/ Frame 8EDF
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Ddxu%26refUrl%3D%26vid%3D63864874192793880847394...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864874192793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
45 B
450 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864874192793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:06 GMT
Server
PingMatch/v2.0.30-691-gbabbd08#rel-ec2-master i-07d4133ce3be25904@us-east-1d@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=dxu&refUrl=&vid=63864874192793880847394129000V10&ovsid=XuW5Oh981MK6Sp5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.php
contextual.media.net/ Frame 8EDF
Redirect Chain
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Dzem%26refUrl%3D%26vid%3D63864874192793880847394129...
  • https://stags.bluekai.com/site/23178?id=P5m7GJPyKk1ysTdwS0Ap&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TD...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKQGVWTOR2KKB4UW2ZRPFZVIZDXKMYEC...
  • https://contextual.media.net/cksync.php?cs=8&ovsid=P5m7GJPyKk1ysTdwS0Ap&refUrl=&type=zem&vid=63864874192793880847394129000V10&vsid=2793880847394129000V10
45 B
454 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&ovsid=P5m7GJPyKk1ysTdwS0Ap&refUrl=&type=zem&vid=63864874192793880847394129000V10&vsid=2793880847394129000V10
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:09 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:09 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
P3p
CP="We do not support P3P header."
Location
https://contextual.media.net/cksync.php?cs=8&ovsid=P5m7GJPyKk1ysTdwS0Ap&refUrl=&type=zem&vid=63864874192793880847394129000V10&vsid=2793880847394129000V10
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
196
Expires
Thu, 01 Dec 1994 16:00:00 GMT
cksync.php
contextual.media.net/ Frame 8EDF
Redirect Chain
  • https://ad.turn.com/r/cs?pid=59&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2793880847394129000V10%26type%3Damb%26refUrl%3D%26vid%3D63864874192793880847394129000V10%26ov...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864874192793880847394129000V10&ovsid=3101355994236352031
45 B
452 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864874192793880847394129000V10&ovsid=3101355994236352031
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:07 GMT

Redirect headers

location
https://contextual.media.net/cksync.php?cs=8&vsid=2793880847394129000V10&type=amb&refUrl=&vid=63864874192793880847394129000V10&ovsid=3101355994236352031
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:06 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
async_usersync
ib.adnxs.com/ Frame 93D0
0
733 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
58e7f06c-ee90-4b8d-9ca5-c4f3abcc25d4
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 8370
0
733 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
b3670936-4277-4453-ad56-144896b59900
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 9922
0
733 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
67b0def0-5d2a-4cc7-9344-635e44eb9d55
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 8B93
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Mon, 08 Nov 2021 14:21:59 GMT
expires
Tue, 08 Nov 2022 14:21:59 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
5168
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 1D09
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Mon, 08 Nov 2021 14:21:59 GMT
expires
Tue, 08 Nov 2022 14:21:59 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
5168
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
pixel.gif
px.moatads.com/ Frame B1D3
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=https%3A%2F%2Fs2.2mdn.net%2Fproxy%2FuxyFXEcgEeCM1h9D8yFVK7Egjb7uiG80umz3V9MXL9-ITJmbVXMjhSkc7cljUB2dWlpm0wwOILWpq5HKQBk_EyT5jGXuiC1XDwIYN3B0ZXLBg0ZHjqrGLyS1zffvneXHm2VTFveHdinr%3Dw728-h90-n&i=SENDGRID_DCM1&ol=453615052&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B*EjrG%3DH%3CA.a%24%7D9H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-KyBnW%2BgiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-3F41M1%2F1Kg7M0g%3D%3D&sc=1&os=1-aw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=90&w=728&zGSRC=1&gu=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&id=0&ii=6&f=1&j=https%3A%2F%2Fsecurityaffairs.co&lp=https%3A%2F%2Fsecurityaffairs.co&t=1636386486929&de=974024140004&cu=1636386486929&m=100&ar=553ffc12ef5-clean&iw=9a4f3d2&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=94&le=1&gm=1&io=1&vv=3&vw=0%3A3%3A0&vp=-&vx=-%3A-%3A-&pe=0%3A523%3A523%3A0%3A0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&ic=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=68&cd=0&ah=68&am=0&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=22143192%3A3112338%3A318428647%3A160158782&bo=securityaffairs.co&bd=securityaffairs.co&gw=sendgriddcm593119715704&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=sframe&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&jm=-1&tc=0&fs=195402&na=1651503053&cs=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 08 Nov 2021 15:48:07 GMT
lFqatAGMGI5ruFOuc2G8YqsaAHQUb5EGFuJALWeAUJk.js
pagead2.googlesyndication.com/bg/ Frame 4F78
35 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lFqatAGMGI5ruFOuc2G8YqsaAHQUb5EGFuJALWeAUJk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
945a9ab4018c188e6bb853ae7361bc62ab1a0074146f910616e2402d67805099
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:01:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
24396
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13523
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 13:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 08 Nov 2022 09:01:31 GMT
async_usersync
ib.adnxs.com/ Frame B6C4
0
733 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
26e707da-2041-4865-92b5-50b13d1d862e
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 991D
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Mon, 08 Nov 2021 15:48:07 GMT
merge
ce.lijit.com/ Frame 3800
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=76&3pid=dec5acbb-67d2-481e-962f-fc99d17f6548&gdpr=0&gdpr_consent=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 3800
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=4&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072977&val=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072977&val=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://us-u.openx.net/w/1.0/sd?id=537072977&val=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
receive
pixel.tapad.com/idsync/ex/ Frame 3800
95 B
419 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1955&partner_device_id=b4550187-d661-4f94-9b72-d2e99a429b16
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.246.178.107.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
sync
ups.analytics.yahoo.com/ups/58294/ Frame 3800
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=9e0a35ea-c8e3-4b1b-9efa-4af6f54a373e&r=https://pixel.advertising.com/ups/58294/sync?_origin=1&uid={OPENX_ID}
  • https://pixel.advertising.com/ups/58294/sync?_origin=1&uid=9ceff1f2-550c-485a-82b4-8b353e6dae73
  • https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=9ceff1f2-550c-485a-82b4-8b353e6dae73&apid=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223
0
168 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=9ceff1f2-550c-485a-82b4-8b353e6dae73&apid=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H2
Server
52.45.33.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-33-138.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=9ceff1f2-550c-485a-82b4-8b353e6dae73&apid=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223
date
Mon, 08 Nov 2021 15:48:08 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
px
p.adsymptotic.com/d/ Frame 3800
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D
  • https://id.rlcdn.com/464246.gif?partner_uid=e7ed0d1d-4021-4473-8eea-cacc90553bc2
  • https://pippio.com/api/sync?pid=5324&it=1&iv=769dafaf4b42a5209f3ca325287365d05df3d17b41b63da5df0e5684efd6e152791426b5417dce21&_=2
  • https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d
  • https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d&_expected_cookie=6e89d44063c9dc34ed7aea95b573c19c
43 B
142 B
Image
General
Full URL
https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d&_expected_cookie=6e89d44063c9dc34ed7aea95b573c19c
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H2
Server
104.18.100.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff1a5abc2ecfe-YUL
p3p
CP='NON DSP COR CONi OUR BUS CNT'
content-type
image/gif
content-length
43

Redirect headers

location
https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d&_expected_cookie=6e89d44063c9dc34ed7aea95b573c19c
date
Mon, 08 Nov 2021 15:48:09 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aaff1a4bad3ecfe-YUL
content-length
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
sd
us-u.openx.net/w/1.0/ Frame 3800
Redirect Chain
  • https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID
  • https://us-u.openx.net/w/1.0/sd?id=537072399&val=6624566760367890375
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072399&val=6624566760367890375
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
837c1a5d-c0bc-4bff-a691-30b796b48425
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://us-u.openx.net/w/1.0/sd?id=537072399&val=6624566760367890375
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 3800
43 B
932 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=eafd0e06-91cc-c9e9-119d-c8a8c1fd91fa
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
WSJY7JY1J9GG031VGWDH
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
usersync
rtb.gumgum.com/ Frame FFBB
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
5260eac8-87d2-419e-b355-0982723ad00b
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame FFBB
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&gdpr=0&gdpr_consent=&us_privacy=
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=4632481810353762187&ssp=gumgum2
  • https://rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
//rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
Date
Mon, 08 Nov 2021 15:48:08 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
usersync
rtb.gumgum.com/ Frame FFBB
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
Date
Mon, 08 Nov 2021 15:48:07 GMT
Connection
keep-alive
Content-Length
123
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame FFBB
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&gdpr=0&gdpr_consent=&us_privacy=
  • https://stags.bluekai.com/site/23178?id=P5m7GJPyKk1ysTdwS0Ap&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2UBVNU3UOSSQPFFWWMLZONKGI52TGBAXA
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
P3p
CP="We do not support P3P header."
Location
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
98
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame FFBB
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fappnexus%2F1506%2F%24UID%3Fzcc%3D0%26sspret%3D1&rndcb=5208571362
  • https://sync.1rx.io/usersync3/appnexus/1506/6624566760367890375?zcc=0&sspret=1&rndcb=5208571362
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
  • https://rtb.gumgum.com/usersync?b=rhy&i=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=rhy&i=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
Tengine
ETag
RXaf56c6db498f42fc9369e44a2dbc1924005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://rtb.gumgum.com/usersync?b=rhy&i=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Connection
keep-alive
Content-Type
text/html
usersync
rtb.gumgum.com/ Frame FFBB
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
cookie-sync
sync.outbrain.com/ Frame FFBB
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28UiXTgp2gExnu1evYgEP77I_-3txF-_DMYRl8lXVUFRMxks7_SzK20NzkcwslqJTD%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&obuid=ENC(UiXTgp2gExnu1evYgEP77I_-3txF-_DMYRl8lXVUFRMxks7_SzK20NzkcwslqJTD)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://rtb.mfadsrvr.com/sync?ssp=outbrain&ssp_user_id=$D
  • https://sync.outbrain.com/cookie-sync?p=mediaforce&uid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
0
308 B
Image
General
Full URL
https://sync.outbrain.com/cookie-sync?p=mediaforce&uid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
70.42.32.31 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Cache-Control
no-cache
X-TraceId
1a12d6a7c73854bce2d459a7e23dcb44
Content-Length
0

Redirect headers

location
//sync.outbrain.com/cookie-sync?p=mediaforce&uid=26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
date
Mon, 08 Nov 2021 15:48:09 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
usersync
rtb.gumgum.com/ Frame FFBB
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-encoding
gzip
server
OXGW/16.218.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame FFBB
43 B
322 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:90f9:19e1:7d5f:7568 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
usersync
rtb.gumgum.com/ Frame FFBB
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%...
  • https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
44c37c2e-40ab-11ec-b930-65692a6201a5
usersync
rtb.gumgum.com/ Frame FFBB
Redirect Chain
  • https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
  • https://rtb.gumgum.com/usersync?b=snc&i=2C47274610954D7599D13DE37842E238
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=snc&i=2C47274610954D7599D13DE37842E238
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 varnish
server
nginx
age
0
location
https://rtb.gumgum.com/usersync?b=snc&i=2C47274610954D7599D13DE37842E238
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
text/plain
access-control-allow-origin
https://rtb.gumgum.com/
access-control-allow-credentials
true
x-varnish
629919662
content-length
0
usersync
rtb.gumgum.com/ Frame FFBB
Redirect Chain
  • https://match.deepintent.com/usersync/142
  • https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
date
Mon, 08 Nov 2021 15:48:07 GMT
server
a
content-type
image/gif
content-length
0
p3p
policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
usersync
rtb.gumgum.com/ Frame FFBB
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://rtb.gumgum.com/usersync?b=idi&i=f01c79f3-9500-4d87-8696-09efc50af0a6
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=idi&i=f01c79f3-9500-4d87-8696-09efc50af0a6
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=idi&i=f01c79f3-9500-4d87-8696-09efc50af0a6
date
Mon, 08 Nov 2021 15:48:08 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
sync
ssbsync.smartadserver.com/api/ Frame FFBB
0
75 B
Image
General
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
199.187.193.181 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-length
0
merge
ce.lijit.com/ Frame FFBB
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=36&3pid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 55F9
Redirect Chain
  • https://px.owneriq.net/ecmg?google_gid=CAESEMNJaiBEQCnHLEyUt-LJLX8&google_cver=1&google_push=AYg5qPIiZHA7bHfZzgHxe--Ov8uyqAxAg7xHqGE7vJWUHMwXciELo8UlGdTcBWkYWZXhfaZbVpJt2ihTiWu0XlnuIE4Vy2on4ws8a4zr...
  • https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AYg5qPIiZHA7bHfZzgHxe--Ov8uyqAxAg7xHqGE7vJWUHMwXciELo8UlGdTcBWkYWZXhfaZbVpJt2ihTiWu0XlnuIE4Vy2on4ws8a4zr8PledDnzSaOrNHR2...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AYg5qPIiZHA7bHfZzgHxe--Ov8uyqAxAg7xHqGE7vJWUHMwXciELo8UlGdTcBWkYWZXhfaZbVpJt2ihTiWu0XlnuIE4Vy2on4ws8a4zr8PledDnzSaOrNHR2F6gAXD_ZR1kHqDlXNXiH6VKPDU4-MmsZ4CA&google_cver=1&google_gid=CAESEMNJaiBEQCnHLEyUt-LJLX8&google_hm=UTY4OTY3Mjg4NTEwNDg2MDUwNDZQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AYg5qPIiZHA7bHfZzgHxe--Ov8uyqAxAg7xHqGE7vJWUHMwXciELo8UlGdTcBWkYWZXhfaZbVpJt2ihTiWu0XlnuIE4Vy2on4ws8a4zr8PledDnzSaOrNHR2F6gAXD_ZR1kHqDlXNXiH6VKPDU4-MmsZ4CA&google_cver=1&google_gid=CAESEMNJaiBEQCnHLEyUt-LJLX8&google_hm=UTY4OTY3Mjg4NTEwNDg2MDUwNDZQ
Cache-Control
max-age=16467
Connection
keep-alive
Content-Type
text/html
Content-Length
154
pixel
cm.g.doubleclick.net/ Frame 55F9
Redirect Chain
  • https://sync.extend.tv/r.gif?exchange=googleadx&google_gid=CAESEOm-u-CaCGw3Xj87yZll_Ig&google_cver=1&google_push=AYg5qPKm6cQZ-n06tHHjdT8M1_vggUo8_EZoqphj7w0wSVr_SAjprdAE8Y9JGX5_b2f5qyRg3UwKVgPnxNcO...
  • https://cm.g.doubleclick.net/pixel?google_nid=extendtv&google_push=AYg5qPKm6cQZ-n06tHHjdT8M1_vggUo8_EZoqphj7w0wSVr_SAjprdAE8Y9JGX5_b2f5qyRg3UwKVgPnxNcOuo6cJ5WgZGCtDKUJEcPTFZiKoA-nFizVp1W4u5G2HMt9NU...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=extendtv&google_push=AYg5qPKm6cQZ-n06tHHjdT8M1_vggUo8_EZoqphj7w0wSVr_SAjprdAE8Y9JGX5_b2f5qyRg3UwKVgPnxNcOuo6cJ5WgZGCtDKUJEcPTFZiKoA-nFizVp1W4u5G2HMt9NU2Mcu53uUbHaYqD6lIEqiyFty0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Access-Control-Allow-Origin
*
Content-Type
text/html; charset=utf-8
Location
https://cm.g.doubleclick.net/pixel?google_nid=extendtv&google_push=AYg5qPKm6cQZ-n06tHHjdT8M1_vggUo8_EZoqphj7w0wSVr_SAjprdAE8Y9JGX5_b2f5qyRg3UwKVgPnxNcOuo6cJ5WgZGCtDKUJEcPTFZiKoA-nFizVp1W4u5G2HMt9NU2Mcu53uUbHaYqD6lIEqiyFty0
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
249
Expires
Tue, 29 May 1984 15:00:00 GMT
gg_pixel
sync.adaptv.advertising.com/ Frame 55F9
14 B
14 B
Image
General
Full URL
https://sync.adaptv.advertising.com/gg_pixel?google_gid=CAESEHYtxS2FaXVclZJVrcpUGwI&google_cver=1&google_push=AYg5qPLuyx1DT4OCbLEpAxwCN25JrcR5lsXgQC_GoLqfKXXG9y9AOSFtefVHTRagj6gBNfkUQe35W0srhjtI0AcLUEH-4gKDpqjIN0hxaMeHAhZygb_K8sngXFJmpUXUfg5Wq0NJk5PqnZJ-9xUcKAZJAQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.159.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-159-188.compute-1.amazonaws.com
Software
ribs2.0 /
Resource Hash
0db80e4ae35fcf307507f9ced66fe9ccb3147c1ea12a60ea034092e6aa3ebf40

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Server
ribs2.0
Connection
keep-alive
Content-Length
14
Content-Type
text/plain
pixel
cm.g.doubleclick.net/ Frame 55F9
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=kJ1CRxlcShy3JVEMGiwZ5A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=kJ1CRxlcShy3JVEMGiwZ5A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJWNPUB9_jAWIa9lNbVZed7ymW_8L6i4hflmV0TsZ7txKhkNlv8IgcWQbbmYhN59PtsnGHNRwNXPzidIFL0szEPsf8FuUVW2j6AgPsxjGVk9ufB8ba7OTjk7hQLqp10t703ppU6OKnzXfwkYNw-Uis
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=kJ1CRxlcShy3JVEMGiwZ5A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJWNPUB9_jAWIa9lNbVZed7ymW_8L6i4hflmV0TsZ7txKhkNlv8IgcWQbbmYhN59PtsnGHNRwNXPzidIFL0szEPsf8FuUVW2j6AgPsxjGVk9ufB8ba7OTjk7hQLqp10t703ppU6OKnzXfwkYNw-Uis
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 55F9
Redirect Chain
  • https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHcxf1X929TlITJiG_Ek30E&google_cver=1&google_push=AYg5qPL49ZEa_g_ehn7l29sOLT57IF8YkKagHCMatIeg7m4HyUqDXaDu...
  • https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHcxf1X929TlITJiG_Ek30E&google_cver=1&google_push=AYg5qPL49ZEa_g_ehn7l29sOLT57IF8YkKagHCMatIeg7m4HyUqDXaDu...
  • https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHcxf1X929TlITJiG_Ek30E&google_cver=1&google_push=AYg5qPL49ZEa_g_ehn7l29sOLT57IF8YkKagHCMatIeg7m4HyUqDXa...
  • https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA0NGI4Y2U0MS00MGFiLTExZWMtYmI3Yi0wMmM0Yjk1NWEyMjM%3D&google_push=AYg5qPL49ZEa_g_ehn7l29sOLT57IF8YkKagHCMatIeg7m4HyUqDXaDuYsNCaqD_5w...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA0NGI4Y2U0MS00MGFiLTExZWMtYmI3Yi0wMmM0Yjk1NWEyMjM%3D&google_push=AYg5qPL49ZEa_g_ehn7l29sOLT57IF8YkKagHCMatIeg7m4HyUqDXaDuYsNCaqD_5wEd2h4OUqey-pFSCWyntQJWKP79e5SjXLLixlEa67FUn8pwWkXmJAsIKa_cudg3seLEldluByL1ZxpHxEiM7xx0beE
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA0NGI4Y2U0MS00MGFiLTExZWMtYmI3Yi0wMmM0Yjk1NWEyMjM%3D&google_push=AYg5qPL49ZEa_g_ehn7l29sOLT57IF8YkKagHCMatIeg7m4HyUqDXaDuYsNCaqD_5wEd2h4OUqey-pFSCWyntQJWKP79e5SjXLLixlEa67FUn8pwWkXmJAsIKa_cudg3seLEldluByL1ZxpHxEiM7xx0beE
date
Mon, 08 Nov 2021 15:48:08 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
pixel
cm.g.doubleclick.net/ Frame 55F9
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESEKOE339-WwD4sDvXf4cLI-k&google_cver=1&google_push=AYg5qPI-Iw_KbRtybx7cc1ffIMbP4mPB7oBlGwn57qvVFaZ5bD--P-_PLUW1ad8Zhwvbv2ooZuhq...
  • https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=JiledOSeT9u8PNbuoq39nw==&no_redirect=1&google_push=AYg5qPI-Iw_KbRtybx7cc1ffIMbP4mPB7oBlGwn57qvVFaZ5bD--P-...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=JiledOSeT9u8PNbuoq39nw==&no_redirect=1&google_push=AYg5qPI-Iw_KbRtybx7cc1ffIMbP4mPB7oBlGwn57qvVFaZ5bD--P-_PLUW1ad8Zhwvbv2ooZuhq6GeZFEmYE1pPSxw4q2z-rKYKaedEL2CZIO5aiWBSBM7TfL7bl14S-Tk8tzm4YGmHpCxGMUD-5tgnLOLz
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
//cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=JiledOSeT9u8PNbuoq39nw==&no_redirect=1&google_push=AYg5qPI-Iw_KbRtybx7cc1ffIMbP4mPB7oBlGwn57qvVFaZ5bD--P-_PLUW1ad8Zhwvbv2ooZuhq6GeZFEmYE1pPSxw4q2z-rKYKaedEL2CZIO5aiWBSBM7TfL7bl14S-Tk8tzm4YGmHpCxGMUD-5tgnLOLz
date
Mon, 08 Nov 2021 15:48:07 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
attr
cm.g.doubleclick.net/pixel/ Frame 55F9
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JaR4UuZr4GU7gPaMeLAn3YmzMqO2lFa04hC_MACkxT9w_bKPPP1-rxk0sMYgAE3s_A
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
sync
app.retargetly.com/ Frame 3D7F
68 B
834 B
Image
General
Full URL
https://app.retargetly.com/sync?sid=47ba6189-46b6-4f00-a922-0724bc220c16&pid=10
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pixel.mathtag.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff19caa0aecea-YUL
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
content-type
image/png
expires
0
img
pixel.mathtag.com/misc/ Frame 3D7F
43 B
497 B
Image
General
Full URL
https://pixel.mathtag.com/misc/img?mop_seq=1:1&mt_cb=125317&check=47ba6189-46b6-4f00-a922-0724bc220c16&mop_top=
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.211 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-211.deploy.static.akamaitechnologies.com
Software
MT3 4067 88cc6bf master ord-pixel-x52 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pixel.mathtag.com/sync/iframe?mt_uuid=47ba6189-46b6-4f00-a922-0724bc220c16&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
MT3 4067 88cc6bf master ord-pixel-x52 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:06 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6F53
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124972
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:07 GMT
vary
Accept-Encoding
usersync
rtb.gumgum.com/ Frame 3110
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978487
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978487
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-type
text/html
content-length
209
location
https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978487
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usync.html
eus.rubiconproject.com/ Frame CE68
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40019-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 08 Nov 2021 15:48:11 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?p=gumgum
Date
Mon, 08 Nov 2021 15:48:11 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
usersync
rtb.gumgum.com/ Frame C541
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Server
MT3 4067 88cc6bf master iad-pixel-x13 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Expires
Mon, 08 Nov 2021 15:48:06 GMT
usersync
rtb.gumgum.com/ Frame 9104
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

server
Varnish
retry-after
0
location
https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
accept-ranges
bytes
date
Mon, 08 Nov 2021 15:48:07 GMT
via
1.1 varnish
x-served-by
cache-yul12822-YUL
x-cache
HIT
x-cache-hits
0
x-timer
S1636386488.906237,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
pixel
cm.g.doubleclick.net/ Frame C75D
170 B
188 B
Document
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9kNGQ3YmZmYi01ZTNlLTRiYTktOWIwMS1kMjU1NGYxYjUzMDY=&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

content-type
image/png
date
Mon, 08 Nov 2021 15:48:07 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
server
HTTP server (unknown)
content-length
170
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
de.tynt.com/deb/ Frame 5540
Redirect Chain
  • https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
  • https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
2 KB
3 KB
Document
General
Full URL
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip31.67-202-105.static.steadfastdns.net
Software
/
Resource Hash
0fd6bf62a1c1132f82de6a3a92b60eb482be7524369a39e8cb87792e84e1a0ae

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires
Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy
unsafe-url
content-type
text/html
content-length
2302
date
Mon, 08 Nov 2021 15:48:08 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy
unsafe-url
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate
expires
Thu, 01-Jan-70 00:00:01 GMT
x-33x-status
8340000A
server
33XP002
location
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
content-length
0
date
Mon, 08 Nov 2021 15:48:07 GMT
usersync
rtb.gumgum.com/ Frame F448
Redirect Chain
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID&b64_redirect=aHR0cHM6Ly9ydGIuZ3VtZ3VtLmNvbS91c2Vyc3l...
  • https://cs.emxdgt.com/umcheck?apnxid=6624566760367890375&redirect=https://rtb.gumgum.com/usersync?b=emx&i=$EMXUID&b64_redirect=aHR0cHM6Ly9ydGIuZ3VtZ3VtLmNvbS91c2Vyc3luYz9iPWVteCZpPSRFTVhVSUQ=
  • https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

content-type
text/html
date
Mon, 08 Nov 2021 15:48:07 GMT
location
https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
content-length
0
usersync
rtb.gumgum.com/ Frame 29F3
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8XwAAPByeu4AAAAA
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8XwAAPByeu4AAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:08 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
private
Location
https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8XwAAPByeu4AAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time
2
X-SO-HostName
a-ad40302.dc2p.scaleout.jp
X-SO-LB-Hostname
m-tgng24.dc4p.scaleout.jp
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":51,"gdpr":false,"ipv4":"37.120.205.149","key":"YYlGuMCo8XwAAPByeu4AAAAA","privacy_sensitive":false,"uid":"","upstream_id":"a-ad40302"}
X-SO-Key
YYlGuMCo8XwAAPByeu4AAAAA
X-SO-IP
37.120.205.149
X-SO-Cluster-ID
51
X-SO-Upstream-ID
a-ad40302
usersync
rtb.gumgum.com/ Frame 6276
Redirect Chain
  • https://p.rfihub.com/cm?pub=42796&in=1
  • https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Mon, 08 Nov 2021 15:48:07 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
Content-Length
0
Server
Jetty(9.3.29.v20201019)
usersync
rtb.gumgum.com/ Frame 7D3B
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Mon, 08 Nov 2021 15:48:07 GMT Mon, 08 Nov 2021 15:48:07 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
0
merge
ce.lijit.com/ Frame 50E5
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=76&3pid=dec5acbb-67d2-481e-962f-fc99d17f6548&gdpr=0&gdpr_consent=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 50E5
Redirect Chain
  • https://um.simpli.fi/ox_match
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=961AF1076BCA42258C4489EC777AF824
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072966&val=961AF1076BCA42258C4489EC777AF824
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Mon, 08 Nov 2021 15:48:07 GMT
x-content-type-options
nosniff
server
nginx
location
https://us-u.openx.net/w/1.0/sd?id=537072966&val=961AF1076BCA42258C4489EC777AF824
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Sun, 07 Nov 2021 15:48:07 GMT
64716
i6.liadm.com/s/ Frame 50E5
Redirect Chain
  • https://i.liadm.com/s/57424?bidder_id=206088&bidder_uuid=b29daeff-babc-4862-9315-b63923589bf5
  • https://i.liadm.com/s/57424?bidder_id=206088&bidder_uuid=b29daeff-babc-4862-9315-b63923589bf5&_li_chk=true&previous_uuid=e8a522baae4c4000a288b0f0fb28dc1d
  • https://i.liadm.com/s/64716?md5=&sha1=&sha2=&bidder_id=206088&bidder_uuid=b29daeff-babc-4862-9315-b63923589bf5&previous_uuid=bfd238fe80bf4ae3bed5bb0ab4ca9fcd
  • https://i6.liadm.com/s/64716?sha1=&bidder_id=206088&sha2=&bidder_uuid=b29daeff-babc-4862-9315-b63923589bf5&md5=
43 B
447 B
Image
General
Full URL
https://i6.liadm.com/s/64716?sha1=&bidder_id=206088&sha2=&bidder_uuid=b29daeff-babc-4862-9315-b63923589bf5&md5=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
2600:1f18:444a:4602:b51a:2bef:14:5241 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Cache-Control
no-store
Connection
keep-alive
trace-id
b419c2c51ea6be37
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/64716?sha1=&bidder_id=206088&sha2=&bidder_uuid=b29daeff-babc-4862-9315-b63923589bf5&md5=
Date
Mon, 08 Nov 2021 15:48:08 GMT
Connection
keep-alive
trace-id
f483d4ea4e80ab23
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
709996.gif
id.rlcdn.com/ Frame 50E5
42 B
286 B
Image
General
Full URL
https://id.rlcdn.com/709996.gif
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42
dds
rtb.openx.net/sync/ Frame 50E5
Redirect Chain
  • https://rtb.openx.net/sync/dds
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=bX34RyTgyz035waIetdgoA==&ox_sc=1&ox_init=1
  • https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
43 B
146 B
Image
General
Full URL
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H2
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
0ucb7p23ukv9mop11li5gl47vpne98bk

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
249
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 50E5
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://us-u.openx.net/w/1.0/sd?id=536872786&val=47ba6189-46b6-4f00-a922-0724bc220c16
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=536872786&val=47ba6189-46b6-4f00-a922-0724bc220c16
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x8 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://us-u.openx.net/w/1.0/sd?id=536872786&val=47ba6189-46b6-4f00-a922-0724bc220c16
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:07 GMT
sd
us-u.openx.net/w/1.0/ Frame 50E5
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://us-u.openx.net/w/1.0/sd?id=537073028&val=${ADELPHIC_CUID}
  • https://us-u.openx.net/w/1.0/sd?id=537073028&val=43ca9dab-40ab-11ec-9d66-2b2cac59886f
43 B
114 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073028&val=43ca9dab-40ab-11ec-9d66-2b2cac59886f
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://us-u.openx.net/w/1.0/sd?id=537073028&val=43ca9dab-40ab-11ec-9d66-2b2cac59886f
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
44f2c9e2-40ab-11ec-9b61-85a48326dac1
usersync
rtb.gumgum.com/ Frame 73AC
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
6c4fd4b4-1b68-437d-8eaf-85a77a29668d
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame 73AC
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&gdpr=0&gdpr_consent=&us_privacy=
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=gumgum2&bsw_custom_parameter=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=acaccc5b-16df-46aa-89a5-cf714a54628c&ssp=gumgum2&expires=30&user_group=5&bsw_param=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
//rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
Date
Mon, 08 Nov 2021 15:48:08 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
usersync
rtb.gumgum.com/ Frame 73AC
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
Date
Mon, 08 Nov 2021 15:48:08 GMT
Connection
keep-alive
Content-Length
123
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame 73AC
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&gdpr=0&gdpr_consent=&us_privacy=
  • https://stags.bluekai.com/site/23178?id=P5m7GJPyKk1ysTdwS0Ap&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2UBVNU3UOSSQPFFWWMLZONKGI52TGBAXA
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
P3p
CP="We do not support P3P header."
Location
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
98
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame 73AC
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fappnexus%2F1506%2F%24UID%3Fzcc%3D0%26sspret%3D1&rndcb=3457058896
  • https://sync.1rx.io/usersync3/appnexus/1506/6624566760367890375?zcc=0&sspret=1&rndcb=3457058896
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
  • https://rtb.gumgum.com/usersync?b=rhy&i=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=rhy&i=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
Tengine
ETag
RXaf56c6db498f42fc9369e44a2dbc1924005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://rtb.gumgum.com/usersync?b=rhy&i=RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Connection
keep-alive
Content-Type
text/html
usersync
rtb.gumgum.com/ Frame 73AC
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
cookie-sync
sync.outbrain.com/ Frame 73AC
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28IjBUqzGdQ88nJzSoDi74I71rDkt5-CXPVfn8gpdtbygGFtZj4pdzbBJCggCmbAzf%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&obuid=ENC(IjBUqzGdQ88nJzSoDi74I71rDkt5-CXPVfn8gpdtbygGFtZj4pdzbBJCggCmbAzf)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://b1sync.zemanta.com/usersync/outbrain/?puid=x6GjSS4Hc3J8eeGrV2Y86pVa6DEoT4nlDxD88HWhT8f95UEHpx0iva5rrLsFSylJ
  • https://sync.outbrain.com/cookie-sync?p=zemanta&uid=P5m7GJPyKk1ysTdwS0Ap
0
292 B
Image
General
Full URL
https://sync.outbrain.com/cookie-sync?p=zemanta&uid=P5m7GJPyKk1ysTdwS0Ap
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
70.42.32.31 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Cache-Control
no-cache
X-TraceId
cdde2700aa8e6f56c8aab9d41ca51df5
Content-Length
0

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
P3p
CP="We do not support P3P header."
Location
https://sync.outbrain.com/cookie-sync?p=zemanta&uid=P5m7GJPyKk1ysTdwS0Ap
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
99
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame 73AC
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-encoding
gzip
server
OXGW/16.218.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
content-type
image/gif
alt-svc
clear
content-length
0
via
1.1 google
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 73AC
43 B
322 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:90f9:19e1:7d5f:7568 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
usersync
rtb.gumgum.com/ Frame 73AC
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%...
  • https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
44f8e453-40ab-11ec-8075-29646be9ba03
usersync
rtb.gumgum.com/ Frame 73AC
Redirect Chain
  • https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
  • https://rtb.gumgum.com/usersync?b=snc&i=C1885AA0E2F44867B9B646ED34305A2C
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=snc&i=C1885AA0E2F44867B9B646ED34305A2C
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 varnish
server
nginx
age
0
location
https://rtb.gumgum.com/usersync?b=snc&i=C1885AA0E2F44867B9B646ED34305A2C
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
text/plain
access-control-allow-origin
https://rtb.gumgum.com/
access-control-allow-credentials
true
x-varnish
271644228
content-length
0
usersync
rtb.gumgum.com/ Frame 73AC
Redirect Chain
  • https://match.deepintent.com/usersync/142
  • https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
date
Mon, 08 Nov 2021 15:48:07 GMT
server
a
content-type
image/gif
content-length
0
p3p
policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
usersync
rtb.gumgum.com/ Frame 73AC
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://rtb.gumgum.com/usersync?b=idi&i=f01c79f3-9500-4d87-8696-09efc50af0a6
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=idi&i=f01c79f3-9500-4d87-8696-09efc50af0a6
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=idi&i=f01c79f3-9500-4d87-8696-09efc50af0a6
date
Mon, 08 Nov 2021 15:48:08 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
sync
ssbsync.smartadserver.com/api/ Frame 73AC
0
75 B
Image
General
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
199.187.193.181 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-length
0
merge
ce.lijit.com/ Frame 73AC
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=36&3pid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
pixel.gif
px.moatads.com/ Frame B1D3
43 B
260 B
Image
General
Full URL
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 08 Nov 2021 15:48:07 GMT
usersync
rtb.gumgum.com/ Frame 657A
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
52cace2c-3aa4-4c80-8920-814182a7a2c9
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame 657A
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&gdpr=0&gdpr_consent=&us_privacy=
  • https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2
  • https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=969ab515-771e-4a36-b33b-f48fc2378c18&ssp=gumgum2
  • https://rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
//rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
Date
Mon, 08 Nov 2021 15:48:08 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
usersync
rtb.gumgum.com/ Frame 657A
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
Date
Mon, 08 Nov 2021 15:48:08 GMT
Connection
keep-alive
Content-Length
123
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame 657A
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&gdpr=0&gdpr_consent=&us_privacy=
  • https://stags.bluekai.com/site/23178?id=P5m7GJPyKk1ysTdwS0Ap&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2UBVNU3UOSSQPFFWWMLZONKGI52TGBAXA
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
P3p
CP="We do not support P3P header."
Location
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
98
Expires
Thu, 01 Dec 1994 16:00:00 GMT
RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
sync.targeting.unrulymedia.com/csync/ Frame 657A
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/ro?rndcb=4271847622
  • https://sync.1rx.io/usersync/beeswax/AACqDk7DEo0AABkfKQPxKQ
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
43 B
452 B
Image
General
Full URL
https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
199.127.204.142 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
Tengine
Connection
keep-alive
Content-Length
43
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
Tengine
Transfer-Encoding
chunked
Content-Type
text/html
Location
https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Expires
0
usersync
rtb.gumgum.com/ Frame 657A
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
cookie-sync
sync.outbrain.com/ Frame 657A
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28x6GjSS4Hc3J8eeGrV2Y86pVa6DEoT4nlDxD88HWhT8f95UEHpx0iva5rrLsFSylJ%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&obuid=ENC(x6GjSS4Hc3J8eeGrV2Y86pVa6DEoT4nlDxD88HWhT8f95UEHpx0iva5rrLsFSylJ)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://dis.criteo.com/dis/usersync.aspx?r=74&p=126&cp=outbrain&cu=1&url=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcriteo%26uid%3D%40%40CRITEO_USERID%40%40%26obUid%3Dx6GjSS4Hc3J8eeGrV2Y86...
  • https://sync.outbrain.com/cookie-sync?p=criteo&uid=551ef6f7-5dc1-4e5f-9bfd-d061d6f90f5b&obUid=x6GjSS4Hc3J8eeGrV2Y86pVa6DEoT4nlDxD88HWhT8f95UEHpx0iva5rrLsFSylJ&platformId=GUMGU18H7EL9NI653I7DPEH51
0
309 B
Image
General
Full URL
https://sync.outbrain.com/cookie-sync?p=criteo&uid=551ef6f7-5dc1-4e5f-9bfd-d061d6f90f5b&obUid=x6GjSS4Hc3J8eeGrV2Y86pVa6DEoT4nlDxD88HWhT8f95UEHpx0iva5rrLsFSylJ&platformId=GUMGU18H7EL9NI653I7DPEH51
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
70.42.32.31 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Cache-Control
no-cache
X-TraceId
0e560c687298d30ef97e09e7ef8a5fb2
Content-Length
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
server
Kestrel
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://sync.outbrain.com/cookie-sync?p=criteo&uid=551ef6f7-5dc1-4e5f-9bfd-d061d6f90f5b&obUid=x6GjSS4Hc3J8eeGrV2Y86pVa6DEoT4nlDxD88HWhT8f95UEHpx0iva5rrLsFSylJ&platformId=GUMGU18H7EL9NI653I7DPEH51
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1158691
content-length
0
expires
Mon, 08 Nov 2021 00:00:00 GMT
usersync
rtb.gumgum.com/ Frame 657A
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-encoding
gzip
server
OXGW/16.218.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 657A
43 B
322 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:90f9:19e1:7d5f:7568 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
usersync
rtb.gumgum.com/ Frame 657A
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%...
  • https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
44fc8dce-40ab-11ec-bfa9-bd6a2b4a19f9
usersync
rtb.gumgum.com/ Frame 657A
Redirect Chain
  • https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
  • https://rtb.gumgum.com/usersync?b=snc&i=C1885AA0E2F44867B9B646ED34305A2C
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=snc&i=C1885AA0E2F44867B9B646ED34305A2C
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 varnish
server
nginx
age
0
location
https://rtb.gumgum.com/usersync?b=snc&i=C1885AA0E2F44867B9B646ED34305A2C
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
text/plain
access-control-allow-origin
https://rtb.gumgum.com/
access-control-allow-credentials
true
x-varnish
511857304
content-length
0
usersync
rtb.gumgum.com/ Frame 657A
Redirect Chain
  • https://match.deepintent.com/usersync/142
  • https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
date
Mon, 08 Nov 2021 15:48:07 GMT
server
a
content-type
image/gif
content-length
0
p3p
policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
usersync
rtb.gumgum.com/ Frame 657A
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://rtb.gumgum.com/usersync?b=idi&i=e22edfdb-d81a-49ad-8ca2-a8d9eb0f683c
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=idi&i=e22edfdb-d81a-49ad-8ca2-a8d9eb0f683c
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=idi&i=e22edfdb-d81a-49ad-8ca2-a8d9eb0f683c
date
Mon, 08 Nov 2021 15:48:08 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
sync
ssbsync.smartadserver.com/api/ Frame 657A
0
75 B
Image
General
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
199.187.193.181 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-length
0
merge
ce.lijit.com/ Frame 657A
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=36&3pid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
usersync
rtb.gumgum.com/ Frame 7D0E
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 550.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
0b3d41f6-c09e-49d6-8304-899e6b0a304d
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=6624566760367890375
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame 7D0E
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&gdpr=0&gdpr_consent=&us_privacy=
  • https://server.cpmstar.com/usersync.aspx?bsw_custom_parameter=85c87065-7ef7-4b17-88e8-8c602c265f67&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D440%26ss...
  • https://x.bidswitch.net/sync?dsp_id=440&ssp=gumgum2&user_id=K6q0d52KgScZ-WnzZ8sS0
  • https://rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
//rtb.gumgum.com/usersync?b=bsw&i=85c87065-7ef7-4b17-88e8-8c602c265f67
Date
Mon, 08 Nov 2021 15:48:09 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
usersync
rtb.gumgum.com/ Frame 7D0E
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-8544da17-d2de-436c-4d9b-fd7d43708f80$ip$37.120.205.149
Date
Mon, 08 Nov 2021 15:48:08 GMT
Connection
keep-alive
Content-Length
123
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame 7D0E
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&gdpr=0&gdpr_consent=&us_privacy=
  • https://stags.bluekai.com/site/23178?id=P5m7GJPyKk1ysTdwS0Ap&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2UBVNU3UOSSQPFFWWMLZONKGI52TGBAXA
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
P3p
CP="We do not support P3P header."
Location
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=P5m7GJPyKk1ysTdwS0Ap
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
98
Expires
Thu, 01 Dec 1994 16:00:00 GMT
RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
sync.targeting.unrulymedia.com/csync/ Frame 7D0E
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/ro?rndcb=1576270219
  • https://sync.1rx.io/usersync/beeswax/AACqDk7DEo0AABkfKQPxKQ
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
43 B
452 B
Image
General
Full URL
https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
199.127.204.142 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
Tengine
Connection
keep-alive
Content-Length
43
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
Tengine
Transfer-Encoding
chunked
Content-Type
text/html
Location
https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Expires
0
usersync
rtb.gumgum.com/ Frame 7D0E
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://rtb.gumgum.com/usersync?b=pln&i=H8Pc5X87Q0ue&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-857fc6c844-vxjjb
expires
-1
cookie-sync
sync.outbrain.com/ Frame 7D0E
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28UiXTgp2gExnu1evYgEP77I_-3txF-_DMYRl8lXVUFRMxks7_SzK20NzkcwslqJTD%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306&obuid=ENC(UiXTgp2gExnu1evYgEP77I_-3txF-_DMYRl8lXVUFRMxks7_SzK20NzkcwslqJTD)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://sync.search.spotxchange.com/partner?adv_id=8862&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dspotx%26uid%3D%24SPOTX_USER_ID%26obUid%3Dx6GjSS4Hc3J8eeGrV2Y86pVa6DEoT4nlDxD88HWhT8...
  • https://sync.outbrain.com/cookie-sync?p=spotx&uid=44cea979-40ab-11ec-a825-15e8696a0103&obUid=x6GjSS4Hc3J8eeGrV2Y86pVa6DEoT4nlDxD88HWhT8f95UEHpx0iva5rrLsFSylJ
0
308 B
Image
General
Full URL
https://sync.outbrain.com/cookie-sync?p=spotx&uid=44cea979-40ab-11ec-a825-15e8696a0103&obUid=x6GjSS4Hc3J8eeGrV2Y86pVa6DEoT4nlDxD88HWhT8f95UEHpx0iva5rrLsFSylJ
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
70.42.32.31 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Cache-Control
no-cache
X-TraceId
d76a0c5419fca335fc2b39d31f5d0cea
Content-Length
0

Redirect headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
nginx
Location
https://sync.outbrain.com/cookie-sync?p=spotx&uid=44cea979-40ab-11ec-a825-15e8696a0103&obUid=x6GjSS4Hc3J8eeGrV2Y86pVa6DEoT4nlDxD88HWhT8f95UEHpx0iva5rrLsFSylJ
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
386
Connection
keep-alive
Content-Length
0
usersync
rtb.gumgum.com/ Frame 7D0E
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-encoding
gzip
server
OXGW/16.218.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://rtb.gumgum.com/usersync?b=opx&i=4516d60b-a573-4a45-b6e8-5ad2619e5b5c
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 7D0E
43 B
322 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:90f9:19e1:7d5f:7568 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
usersync
rtb.gumgum.com/ Frame 7D0E
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%...
  • https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=43ca9dab-40ab-11ec-9d66-2b2cac59886f
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
45008537-40ab-11ec-a962-b5def777d2db
usersync
rtb.gumgum.com/ Frame 7D0E
Redirect Chain
  • https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
  • https://rtb.gumgum.com/usersync?b=snc&i=C1885AA0E2F44867B9B646ED34305A2C
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=snc&i=C1885AA0E2F44867B9B646ED34305A2C
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 varnish
server
nginx
age
0
location
https://rtb.gumgum.com/usersync?b=snc&i=C1885AA0E2F44867B9B646ED34305A2C
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
text/plain
access-control-allow-origin
https://rtb.gumgum.com/
access-control-allow-credentials
true
x-varnish
457336650
content-length
0
usersync
rtb.gumgum.com/ Frame 7D0E
Redirect Chain
  • https://match.deepintent.com/usersync/142
  • https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=dit&i=di_ea88ca4abc7e417ea04f8
date
Mon, 08 Nov 2021 15:48:07 GMT
server
a
content-type
image/gif
content-length
0
p3p
policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
usersync
rtb.gumgum.com/ Frame 7D0E
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://rtb.gumgum.com/usersync?b=idi&i=f01c79f3-9500-4d87-8696-09efc50af0a6
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=idi&i=f01c79f3-9500-4d87-8696-09efc50af0a6
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=idi&i=f01c79f3-9500-4d87-8696-09efc50af0a6
date
Mon, 08 Nov 2021 15:48:08 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
sync
ssbsync.smartadserver.com/api/ Frame 7D0E
0
75 B
Image
General
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
199.187.193.181 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-length
0
merge
ce.lijit.com/ Frame 7D0E
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=36&3pid=u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
merge
ce.lijit.com/ Frame D4C6
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=76&3pid=dec5acbb-67d2-481e-962f-fc99d17f6548&gdpr=0&gdpr_consent=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
sync
s.cpx.to/ Frame D4C6
95 B
878 B
Image
General
Full URL
https://s.cpx.to/sync?dsp_uid=f2165e68-b1ce-4e1c-b305-b293a8594598&dsp=OPENX
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.255.141.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-255-141-19.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Mon, 08 Nov 2021 15:48:08 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Mon, 08 Nov 2021 15:48:08 UTC
sd
us-u.openx.net/w/1.0/ Frame D4C6
Redirect Chain
  • https://i.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://us-u.openx.net/w/1.0/sd?id=537072979&val=XuW5Oh981MK6Sp5
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072979&val=XuW5Oh981MK6Sp5
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
PingMatch/v2.0.30-691-gbabbd08#rel-ec2-master i-07d4133ce3be25904@us-east-1d@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location
https://us-u.openx.net/w/1.0/sd?id=537072979&val=XuW5Oh981MK6Sp5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame D4C6
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4632481810353762187
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4632481810353762187
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4632481810353762187
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
sd
us-u.openx.net/w/1.0/ Frame D4C6
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=fT-k8H84_v9mOq7xf22x-Hs3q_tmPKv4fD8U-6K-
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=fT-k8H84_v9mOq7xf22x-Hs3q_tmPKv4fD8U-6K-
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=fT-k8H84_v9mOq7xf22x-Hs3q_tmPKv4fD8U-6K-
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame D4C6
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=openx
  • https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=openx
  • https://x.bidswitch.net/sync?dsp_id=188&user_id=hUTaF9LeQ2xNm_19Q3CPgCV4zZU&user_group=1&ssp=openx
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=85c87065-7ef7-4b17-88e8-8c602c265f67
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072968&val=85c87065-7ef7-4b17-88e8-8c602c265f67
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//us-u.openx.net/w/1.0/sd?id=537072968&val=85c87065-7ef7-4b17-88e8-8c602c265f67
Date
Mon, 08 Nov 2021 15:48:09 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
sd
us-u.openx.net/w/1.0/ Frame D4C6
Redirect Chain
  • https://p.rfihub.com/cm?pub=25&in=1
  • https://us-u.openx.net/w/1.0/sd?id=537073062&val=978758875032371846
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073062&val=978758875032371846
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://us-u.openx.net/w/1.0/sd?id=537073062&val=978758875032371846
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
merge
ce.lijit.com/ Frame 0C8E
43 B
4 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=76&3pid=dec5acbb-67d2-481e-962f-fc99d17f6548&gdpr=0&gdpr_consent=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1dca1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
sync
s.cpx.to/ Frame 0C8E
95 B
878 B
Image
General
Full URL
https://s.cpx.to/sync?dsp_uid=f2165e68-b1ce-4e1c-b305-b293a8594598&dsp=OPENX
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.255.141.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-255-141-19.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Mon, 08 Nov 2021 15:48:08 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Mon, 08 Nov 2021 15:48:08 GMT
sd
us-u.openx.net/w/1.0/ Frame 0C8E
Redirect Chain
  • https://i.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://us-u.openx.net/w/1.0/sd?id=537072979&val=XuW5Oh981MK6Sp5
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072979&val=XuW5Oh981MK6Sp5
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:07 GMT
Server
PingMatch/v2.0.30-691-gbabbd08#rel-ec2-master i-0705d816a3df65089@us-east-1e@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location
https://us-u.openx.net/w/1.0/sd?id=537072979&val=XuW5Oh981MK6Sp5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 0C8E
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4632481810353762187
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4632481810353762187
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4632481810353762187
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
sd
us-u.openx.net/w/1.0/ Frame 0C8E
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=fT-k8H84_v9mOq7xf22x-Hs3q_tmPKv4fD8U-6K-
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=fT-k8H84_v9mOq7xf22x-Hs3q_tmPKv4fD8U-6K-
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=fT-k8H84_v9mOq7xf22x-Hs3q_tmPKv4fD8U-6K-
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 0C8E
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=openx
  • https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=openx
  • https://x.bidswitch.net/sync?dsp_id=188&user_id=hUTaF9LeQ2xNm_19Q3CPgCV4zZU&user_group=1&ssp=openx
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=85c87065-7ef7-4b17-88e8-8c602c265f67
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072968&val=85c87065-7ef7-4b17-88e8-8c602c265f67
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//us-u.openx.net/w/1.0/sd?id=537072968&val=85c87065-7ef7-4b17-88e8-8c602c265f67
Date
Mon, 08 Nov 2021 15:48:09 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
sd
us-u.openx.net/w/1.0/ Frame 0C8E
Redirect Chain
  • https://p.rfihub.com/cm?pub=25&in=1
  • https://us-u.openx.net/w/1.0/sd?id=537073062&val=978758875032371846
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073062&val=978758875032371846
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://us-u.openx.net/w/1.0/sd?id=537073062&val=978758875032371846
Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
log
c21lg-d.media.net/ Frame CA67
35 B
194 B
Image
General
Full URL
https://c21lg-d.media.net/log?logid=kfk&evtid=cs&origin=1&pvgid=data-c&ovsid=-NyQsDt-JrYCFWJ4s5kqoSPMy3qViYt0&cs=15&vsid=2793880847394129000V10
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.35.v20201120) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
server
Jetty(9.4.35.v20201120)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 08 Nov 2021 15:48:08 GMT
log
c21lg-d.media.net/ Frame 8EDF
35 B
194 B
Image
General
Full URL
https://c21lg-d.media.net/log?logid=kfk&evtid=cs&origin=1&pvgid=data-c&ovsid=9RVO1KoZBbLzq9j3zRHCVK2rvx11YiTw&cs=15&vsid=2793880847394129000V10
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.35.v20201120) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
server
Jetty(9.4.35.v20201120)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 08 Nov 2021 15:48:08 GMT
usync.html
eus.rubiconproject.com/ Frame 95DB
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy=
  • https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
about:blank

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40334-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 08 Nov 2021 15:48:08 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Date
Mon, 08 Nov 2021 15:48:08 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
match
cms-xch-chicago.33across.com/ Frame F07E
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=the33across&us_privacy=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=the33across&gdpr=&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=93&user_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&expires=30&ssp=the33across&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_21}
  • https://ssc-cms.33across.com/ps/?gdpr_consent=&ri=10&ru=https%3A%2F%2Fcms-xch.33across.com%2Fmatch%3Fgdpr_58%3D%24gdpr_58%26gdpr%3D%24%7Bgdpr%7D%26gdpr_consent%3D%24%7Bgdpr_consent%7D%26bidder_id%3...
  • https://cms-xch.33across.com/match?gdpr_58=&gdpr=0&gdpr_consent=&bidder_id=10&external_user_id=85c87065-7ef7-4b17-88e8-8c602c265f67
  • https://cms-xch-chicago.33across.com/match?gdpr_58=&gdpr=0&gdpr_consent=&bidder_id=10&external_user_id=85c87065-7ef7-4b17-88e8-8c602c265f67
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?gdpr_58=&gdpr=0&gdpr_consent=&bidder_id=10&external_user_id=85c87065-7ef7-4b17-88e8-8c602c265f67
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

location
https://cms-xch-chicago.33across.com:443/match?gdpr_58=&gdpr=0&gdpr_consent=&bidder_id=10&external_user_id=85c87065-7ef7-4b17-88e8-8c602c265f67
date
Mon, 08 Nov 2021 15:48:09 GMT
server
awselb/2.0
content-length
134
content-type
text/html
match
cms-xch-chicago.33across.com/ Frame F07E
Redirect Chain
  • https://ssc-cms.33across.com/ps/?us_privacy=&ts=1636386487120.3&ri=1&ru=https%3A%2F%2Fsync.mathtag.com%2Fsync%2Fimg%3Fus_privacy%3D%24%7BUS_PRIVACY%7D%26mt_exid%3D73%26redir%3Dhttps%253A%252F%252Fc...
  • https://sync.mathtag.com/sync/img?us_privacy=&mt_exid=73&redir=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D1%26external_user_id%3D%5BMM_UUID%5D
  • https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=1&external_user_id=47ba6189-46b6-4f00-a922-0724bc220c16
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=1&external_user_id=47ba6189-46b6-4f00-a922-0724bc220c16
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

Date
Mon, 08 Nov 2021 15:48:08 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x22 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=1&external_user_id=47ba6189-46b6-4f00-a922-0724bc220c16
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:07 GMT
match
cms-xch-chicago.33across.com/ Frame F07E
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58350/sync?redir=true
  • https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-fwmeWOBE2uE1ko6kZlrw3r9Fzq76nnie~A
  • https://cms-xch-chicago.33across.com/match?bidder_id=99&external_user_id=y-fwmeWOBE2uE1ko6kZlrw3r9Fzq76nnie%7EA&ts=1636386488&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
213 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?bidder_id=99&external_user_id=y-fwmeWOBE2uE1ko6kZlrw3r9Fzq76nnie%7EA&ts=1636386488&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
referrer-policy
unsafe-url
server
33XP005
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cms-xch-chicago.33across.com/match?bidder_id=99&external_user_id=y-fwmeWOBE2uE1ko6kZlrw3r9Fzq76nnie%7EA&ts=1636386488&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
match
cms-xch-chicago.33across.com/ Frame F07E
Redirect Chain
  • https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy=
  • https://33across-match.dotomi.com/match/bounce/current?DotomiTest=600cf18479f1230&is_secure=true&networkId=78390&version=1&us_privacy=
  • https://ssc-cms.33across.com/ps?xi=64&xu=AAAGdc93lGWA0wM5aFpeAAAAAAA&expiration=1636472888&is_secure=true&us_privacy=
  • https://cms-xch-chicago.33across.com/match?bidder_id=64&external_user_id=AAAGdc93lGWA0wM5aFpeAAAAAAA&ts=1636386488&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?bidder_id=64&external_user_id=AAAGdc93lGWA0wM5aFpeAAAAAAA&ts=1636386488&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
referrer-policy
unsafe-url
server
33XP001
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cms-xch-chicago.33across.com/match?bidder_id=64&external_user_id=AAAGdc93lGWA0wM5aFpeAAAAAAA&ts=1636386488&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
match
cms-xch-chicago.33across.com/ Frame F07E
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=f0v35ew&ttd_tpi=1&us_privacy=
  • https://ssc-cms.33across.com/ps/?ri=102&ru=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fbidder_id%3D102%26ttl%3D1638978487%26external_user_id%3Dbef21cd7-0fed-4f87-bc0f-da97b65f7cb9
  • https://cms-xch-chicago.33across.com/match?bidder_id=102&ttl=1638978487&external_user_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?bidder_id=102&ttl=1638978487&external_user_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:07 GMT
referrer-policy
unsafe-url
server
33XP001
x-33x-status
40000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cms-xch-chicago.33across.com/match?bidder_id=102&ttl=1638978487&external_user_id=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame E629
0
260 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=156631&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Da925008edff725ea%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.114 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
PugMaster
image6.pubmatic.com/AdServer/ Frame 719F
2 KB
2 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=57580970&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
70f036a2d13407ec8f9a5d9d74482f0149e05cc6b4dc0922b246e3d0fe665acf

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:06 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
1917
content-type
text/html; charset=UTF-8
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 377D
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124971
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:08 GMT
vary
Accept-Encoding
usersync
rtb.gumgum.com/ Frame 71A2
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978488
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978488
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
text/html
content-length
209
location
https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978488
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usync.html
eus.rubiconproject.com/ Frame F096
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40334-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 08 Nov 2021 15:48:08 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?p=gumgum
Date
Mon, 08 Nov 2021 15:48:08 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
usersync
rtb.gumgum.com/ Frame CB6B
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Mon, 08 Nov 2021 15:48:08 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Server
MT3 4067 88cc6bf master iad-pixel-x24 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Expires
Mon, 08 Nov 2021 15:48:07 GMT
usersync
rtb.gumgum.com/ Frame 8059
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

server
Varnish
retry-after
0
location
https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
accept-ranges
bytes
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 varnish
x-served-by
cache-yul12822-YUL
x-cache
HIT
x-cache-hits
0
x-timer
S1636386488.205467,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
pixel
cm.g.doubleclick.net/ Frame C67E
170 B
188 B
Document
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9kNGQ3YmZmYi01ZTNlLTRiYTktOWIwMS1kMjU1NGYxYjUzMDY=&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

content-type
image/png
date
Mon, 08 Nov 2021 15:48:08 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
server
HTTP server (unknown)
content-length
170
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
de.tynt.com/deb/ Frame F4A6
Redirect Chain
  • https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
  • https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
1 KB
3 KB
Document
General
Full URL
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip31.67-202-105.static.steadfastdns.net
Software
/
Resource Hash
64bc5b8291f72d94f9c8c981862c632f4278c55846d43599d404424cce755222

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires
Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy
unsafe-url
content-type
text/html
content-length
1344
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy
unsafe-url
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate
expires
Thu, 01-Jan-70 00:00:01 GMT
x-33x-status
8340000A
server
33XP005
location
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
content-length
0
date
Mon, 08 Nov 2021 15:48:07 GMT
usersync
rtb.gumgum.com/ Frame E368
Redirect Chain
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID&b64_redirect=aHR0cHM6Ly9ydGIuZ3VtZ3VtLmNvbS91c2Vyc3l...
  • https://cs.emxdgt.com/umcheck?apnxid=6624566760367890375&redirect=https://rtb.gumgum.com/usersync?b=emx&i=$EMXUID&b64_redirect=aHR0cHM6Ly9ydGIuZ3VtZ3VtLmNvbS91c2Vyc3luYz9iPWVteCZpPSRFTVhVSUQ=
  • https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

content-type
text/html
date
Mon, 08 Nov 2021 15:48:08 GMT
location
https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
content-length
0
usersync
rtb.gumgum.com/ Frame 0EE4
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8XwAAPByevcAAAAA
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8XwAAPByevcAAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:08 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
private
Location
https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8XwAAPByevcAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time
2
X-SO-HostName
a-ad40269.dc2p.scaleout.jp
X-SO-LB-Hostname
m-tgng24.dc4p.scaleout.jp
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":49,"gdpr":false,"ipv4":"37.120.205.149","key":"YYlGuMCo8XwAAPByevcAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"a-ad40269"}
X-SO-Key
YYlGuMCo8XwAAPByevcAAAAA
X-SO-IP
37.120.205.149
X-SO-Cluster-ID
49
X-SO-Upstream-ID
a-ad40269
usersync
rtb.gumgum.com/ Frame 313D
Redirect Chain
  • https://p.rfihub.com/cm?pub=42796&in=1
  • https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Mon, 08 Nov 2021 15:48:08 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
Content-Length
0
Server
Jetty(9.3.29.v20201019)
usersync
rtb.gumgum.com/ Frame 1A7F
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT Mon, 08 Nov 2021 15:48:08 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F67B
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124971
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:08 GMT
vary
Accept-Encoding
usersync
rtb.gumgum.com/ Frame 743E
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978488
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978488
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
text/html
content-length
209
location
https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978488
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usync.html
eus.rubiconproject.com/ Frame C596
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40334-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 08 Nov 2021 15:48:08 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?p=gumgum
Date
Mon, 08 Nov 2021 15:48:08 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
usersync
rtb.gumgum.com/ Frame FF56
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Mon, 08 Nov 2021 15:48:08 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Server
MT3 4067 88cc6bf master iad-pixel-x4 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Expires
Mon, 08 Nov 2021 15:48:07 GMT
usersync
rtb.gumgum.com/ Frame 0B6D
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

server
Varnish
retry-after
0
location
https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
accept-ranges
bytes
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 varnish
x-served-by
cache-yul12822-YUL
x-cache
HIT
x-cache-hits
0
x-timer
S1636386488.260389,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
pixel
cm.g.doubleclick.net/ Frame 935A
170 B
188 B
Document
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9kNGQ3YmZmYi01ZTNlLTRiYTktOWIwMS1kMjU1NGYxYjUzMDY=&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

content-type
image/png
date
Mon, 08 Nov 2021 15:48:08 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
server
HTTP server (unknown)
content-length
170
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
de.tynt.com/deb/ Frame 0471
Redirect Chain
  • https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
  • https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
1 KB
3 KB
Document
General
Full URL
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip31.67-202-105.static.steadfastdns.net
Software
/
Resource Hash
eafd1a3d38f044a1b16b51a020cf07e81d290e1f043182f5891d064e0aef9a52

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires
Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy
unsafe-url
content-type
text/html
content-length
1344
date
Mon, 08 Nov 2021 15:48:07 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy
unsafe-url
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate
expires
Thu, 01-Jan-70 00:00:01 GMT
x-33x-status
8340000A
server
33XP003
location
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
content-length
0
date
Mon, 08 Nov 2021 15:48:07 GMT
usersync
rtb.gumgum.com/ Frame D030
Redirect Chain
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
  • https://ib.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=emx&i=$UIDbrt76091636386488213196a6
  • https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Server
nginx/1.17.9
Date
Mon, 08 Nov 2021 15:48:08 GMT
Content-Type
text/html; charset=utf-8
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, private
Pragma
no-cache
Expires
Sat, 15 Nov 2008 16:00:00 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection
0
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Location
https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
AN-X-Request-Uuid
8f87ceb3-96cc-425f-b853-84ce106f398a
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
usersync
rtb.gumgum.com/ Frame 3AF0
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8X0AADSBN-UAAAAA
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8X0AADSBN-UAAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:08 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
private
Location
https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8X0AADSBN-UAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time
1
X-SO-HostName
m-ad285.dc4p.scaleout.jp
X-SO-LB-Hostname
m-tgng25.dc4p.scaleout.jp
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":29,"gdpr":false,"ipv4":"37.120.205.149","key":"YYlGuMCo8X0AADSBN-UAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad285"}
X-SO-Key
YYlGuMCo8X0AADSBN-UAAAAA
X-SO-IP
37.120.205.149
X-SO-Cluster-ID
29
X-SO-Upstream-ID
m-ad285
usersync
rtb.gumgum.com/ Frame 9975
Redirect Chain
  • https://p.rfihub.com/cm?pub=42796&in=1
  • https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Mon, 08 Nov 2021 15:48:08 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
Content-Length
0
Server
Jetty(9.3.29.v20201019)
usersync
rtb.gumgum.com/ Frame 7C1F
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT Mon, 08 Nov 2021 15:48:08 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6B06
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124971
expires
Wed, 10 Nov 2021 02:30:59 GMT
date
Mon, 08 Nov 2021 15:48:08 GMT
vary
Accept-Encoding
usersync
rtb.gumgum.com/ Frame 3C47
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978488
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978488
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
text/html
content-length
209
location
https://rtb.gumgum.com/usersync?b=ttd&i=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&t=1638978488
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usync.html
eus.rubiconproject.com/ Frame 7BE2
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40334-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 08 Nov 2021 15:48:08 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?p=gumgum
Date
Mon, 08 Nov 2021 15:48:08 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
usersync
rtb.gumgum.com/ Frame 7430
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Mon, 08 Nov 2021 15:48:08 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Server
MT3 4067 88cc6bf master iad-pixel-x32 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://rtb.gumgum.com/usersync?b=mmh&i=47ba6189-46b6-4f00-a922-0724bc220c16&gdpr=0&gdpr_consent=
Expires
Mon, 08 Nov 2021 15:48:07 GMT
usersync
rtb.gumgum.com/ Frame 5474
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

server
Varnish
retry-after
0
location
https://rtb.gumgum.com/usersync?b=atm&i=YYlGtQADCzBZAQAz&gdpr=0&gdpr_consent=
accept-ranges
bytes
date
Mon, 08 Nov 2021 15:48:08 GMT
via
1.1 varnish
x-served-by
cache-yul12822-YUL
x-cache
HIT
x-cache-hits
0
x-timer
S1636386488.288251,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
pixel
cm.g.doubleclick.net/ Frame 570A
170 B
188 B
Document
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9kNGQ3YmZmYi01ZTNlLTRiYTktOWIwMS1kMjU1NGYxYjUzMDY=&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

content-type
image/png
date
Mon, 08 Nov 2021 15:48:08 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
server
HTTP server (unknown)
content-length
170
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
de.tynt.com/deb/ Frame A0C4
Redirect Chain
  • https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
  • https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
1 KB
3 KB
Document
General
Full URL
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip31.67-202-105.static.steadfastdns.net
Software
/
Resource Hash
d40731d1df11a93fc5faa6687ee011771fdb10c586cb65df6b8e859adf5934d3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires
Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy
unsafe-url
content-type
text/html
content-length
1344
date
Mon, 08 Nov 2021 15:48:08 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy
unsafe-url
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate
expires
Thu, 01-Jan-70 00:00:01 GMT
x-33x-status
8340000A
server
33XP004
location
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
content-length
0
date
Mon, 08 Nov 2021 15:48:07 GMT
usersync
rtb.gumgum.com/ Frame F89B
Redirect Chain
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
  • https://ib.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=emx&i=$UIDbrt76091636386488213196a6
  • https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Server
nginx/1.17.9
Date
Mon, 08 Nov 2021 15:48:08 GMT
Content-Type
text/html; charset=utf-8
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, private
Pragma
no-cache
Expires
Sat, 15 Nov 2008 16:00:00 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection
0
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Location
https://rtb.gumgum.com/usersync?b=emx&i=6624566760367890375brt76091636386488213196a6
AN-X-Request-Uuid
0f5f3215-ec9e-48bb-b458-be66d799c49e
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
usersync
rtb.gumgum.com/ Frame 5554
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8XsAAEen3NwAAAAA
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8XsAAEen3NwAAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:08 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
private
Location
https://rtb.gumgum.com/usersync?b=sus&i=YYlGuMCo8XsAAEen3NwAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time
3
X-SO-HostName
a-ad40261.dc2p.scaleout.jp
X-SO-LB-Hostname
m-tgng23.dc4p.scaleout.jp
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":53,"gdpr":false,"ipv4":"37.120.205.149","key":"YYlGuMCo8XsAAEen3NwAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"a-ad40261"}
X-SO-Key
YYlGuMCo8XsAAEen3NwAAAAA
X-SO-IP
37.120.205.149
X-SO-Cluster-ID
53
X-SO-Upstream-ID
a-ad40261
usersync
rtb.gumgum.com/ Frame D4ED
Redirect Chain
  • https://p.rfihub.com/cm?pub=42796&in=1
  • https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Mon, 08 Nov 2021 15:48:08 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://rtb.gumgum.com/usersync?b=zet&i=978758875032371846
Content-Length
0
Server
Jetty(9.3.29.v20201019)
usersync
rtb.gumgum.com/ Frame A978
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
35 B
237 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://rtb.gumgum.com/

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Mon, 08 Nov 2021 15:48:08 GMT Mon, 08 Nov 2021 15:48:08 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=tQ69bRhylMgWIwynDRVw&pi=gumgum
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
0
adview
googleads.g.doubleclick.net/pagead/ Frame 0402
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CwQaftUaJYdiyO9fEgrAP-_Ka2AXvxMaZZu6BjYTDDvSq68zBKRABIKOHlh5g_eiigfADoAGjxd-OA8gBAqgDAaoEmQJP0C2rFBmJv5eczGO7gh5MUdPVXLFK00N3lmkyVRQM-5oUk1WN9U255GT8jsT5rE_2BoIX25RcnW54J_RzrXVfp43CyRixNGl_AS9ZnFQuKu5lMjq7v75cL1qvSP3mZL5TceNGnlEVc_nyq3nfwt0J2RCjPCSRzxUVGH5nDauiz0hMX3F5oro58J2upKI__sRxvOihwF31M77fmxKQiPdeL0pnZFbOVV48w5GUnlD0N9d1VtBkayrGErluO3gR9UGRIbkHNZbdjAnf8jGRSeA92sIExG8iwL_wB3SwH3YHDL9Yq7HECoP5KPSOW2EPOZ4j_o3bbe2BA-C2tIMGvjnlVAIwQF3KQx3335Zyw9QUV63AkgPQGR1LL8AEv-Lf29wDoAYCgAfFuqBxqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcB0ggHCIBhEAEYXbEJFfS2DSczd0SACgOKCoYCaHR0cHM6Ly90LjZzYy5jby9pbWcuZ2lmP2V2ZW50PWNsayZodHRwczovL3QuNnNjLmNvL2ltZy5naWY_ZXZlbnQ9Y2xrJnJlZGlyZWN0PWh0dHBzJTNBJTJGJTJGd3czLmFwcGdhdGUuY29tJTJGdnBuLWJ1eW91dC1wcm9tbyUzRnV0bV9zb3VyY2UlM0Rnb29nbGUlMjZ1dG1fbWVkaXVtJTNEZGlzcGxheSUyNnV0bV9jYW1wYWlnbiUzRGNvbnNpZGVyYXRpb24lMjZ1dG1fY29udGVudCUzRHZwbi1idXlvdXQmcHBnaWQ9ZWY5YmUxOWQmY2I9e0NBQ0hFQlVTVEVSfZgLAcgLAeALAbgMAdgTA9AVAYAXAQ&sigh=Z6k2ESHzesQ&vt=1&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696131&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485719&bpp=15&bdt=185&idt=191&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=2&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1089796484&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=820&biw=1600&bih=1200&isw=320&ish=50&ifk=1908481605&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3372795393941806&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.h7hnysjkfh1q&fsb=1&xpc=fF2ziKw2Ol&p=https%3A//securityaffairs.co&dtd=210
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Mon, 08 Nov 2021 15:48:08 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 0402
42 B
174 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvkpp9kG8yDzoxHy7jLzocumxFrjXIfUAUz7oCFZp3g9XubDqT3nrKJY8bOcYd1S6iOApDU7z95nNq7Kdky8Zum_fVhSe9eiAJdyqttWFO1Ssrcj44&sai=AMfl-YQd2MHzltiTw8pElPlqzCsbwu7Vrur6us1WNhJ6lgxG0wKCIZKBaRhhmjR_Ctcgi3TdN-trOcL7HvTH&sig=Cg0ArKJSzH72x4ZmnIFYEAE&id=lidar2&mcvt=1515&p=0,0,41,320&mtos=1515,1515,1515,1515,1515&tos=1515,0,0,0,0&v=20211103&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=468307373&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&pay=1&rst=1636386485931&rpt=940&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame B1D3
42 B
108 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssY5riCc8LQ2zhj1t-OJIdPoB-QIWtnFT5xXS4953ig8euRpC-yjZkCu0LEkH8AeLWMDN8pZd8UHDthi7MlRn4q3dCvjG_snTUUX9eWJTDGCJFj0Ao&sai=AMfl-YRXD50_3pYsjP09PGpMQ92c09iG6jrukh8iNffP3mvE8KoSTG4IL7QY7ZKsWLiXadWiipCyxt_TJhv4d6vgSebnHReqvnmQ9Bo&sig=Cg0ArKJSzGGmHgafsmuKEAE&cid=CAASEuRofDh7RneN00UcPGc_tsS3EQ&id=lidar2&mcvt=1427&p=0,0,94,728&mtos=0,1427,1427,1427,1427&tos=0,1427,0,0,0&v=20211103&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=1194620937&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1636386485965&rpt=1097&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 0BCE
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Sun, 07 Nov 2021 03:44:00 GMT
expires
Mon, 07 Nov 2022 03:44:00 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
129848
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 26A2
783 B
1003 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
3128950c186c2a4e7c33079002d78177b46fa179d3000e696e3eb431c73084ac
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-P9pkqGV59xd3x8Q7hObQZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Mon, 08 Nov 2021 15:48:08 GMT
date
Mon, 08 Nov 2021 15:48:08 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-P9pkqGV59xd3x8Q7hObQZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
515
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
async_usersync
ib.adnxs.com/ Frame 93D0
0
733 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
320b3a3f-c750-4836-a266-017bc4b75984
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel.gif
px.moatads.com/ Frame B1D3
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=SENDGRID_DCM1&ol=453615052&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B*EjrG%3DH%3CA.a%24%7D9H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-KyBnW%2BgiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-3F41M1%2F1Kg7M0g%3D%3D&sc=1&os=1-aw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=2&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=90&w=728&zGSRC=1&gu=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&id=0&ii=6&f=1&j=https%3A%2F%2Fsecurityaffairs.co&lp=https%3A%2F%2Fsecurityaffairs.co&t=1636386486929&de=974024140004&cu=1636386486929&m=1624&ar=553ffc12ef5-clean&iw=9a4f3d2&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=94&le=1&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A523%3A523%3A0%3A1100&aa=1&ad=1323&cn=212&gn=1&gk=1323&gl=212&ik=1323&ic=1323&e
z=1&co=1323&cp=848&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=848&cd=68&ah=848&am=68&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=22143192%3A3112338%3A318428647%3A160158782&bo=securityaffairs.co&bd=securityaffairs.co&gw=sendgriddcm593119715704&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jm=-1&tc=0&fs=195402&na=1964460516&cs=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 08 Nov 2021 15:48:08 GMT
async_usersync
ib.adnxs.com/ Frame 8370
0
733 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
abc55084-4268-4d6a-9d7f-097ac103078d
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 9922
0
733 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
deeeb2fa-43e0-4385-8401-c81e6d261f71
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame B6C4
0
733 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.183 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
803.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:08 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
aaa83207-304b-42f7-ad3c-6ca1b29f22ee
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 717F
Redirect Chain
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESENpaun1e469EtCuQFS1pUAI&google_cver=1&google_push=AYg5qPIRiP--IusgpCVxE153MC3GFunRMAHz_yh8AN7Jgi8XA9AoSbOMrBeCd5Rl9AzYgueVUmva1ISeCySsnoyd967CZ1oD2IuIU...
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzEwMTM1NTk5NDIzNjM1MjAzMQ==&gdpr=0&gdpr_consent=
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=0&gdpr_consent=&google_gid=CAESENpaun1e469EtCuQFS1pUAI&google_cver=1
43 B
407 B
Image
General
Full URL
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=0&gdpr_consent=&google_gid=CAESENpaun1e469EtCuQFS1pUAI&google_cver=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Server
2620:112:f002:bbbb::21 , United States, ASN6336 (TURN-US-ASN, US),
Reverse DNS
Software
/
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type
image/gif
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=0&gdpr_consent=&google_gid=CAESENpaun1e469EtCuQFS1pUAI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
330
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 717F
Redirect Chain
  • https://aep.mxptint.net/sn.ashx?google_gid=CAESEAc66tTT3v5i9gkhFU0vOCo&google_cver=1&google_push=AYg5qPLrJM-77vFEAP0ZGVKlxB5ze2PrYNaK5Zhuw5CFyjhwWWVsodCQ7g5ELEw2cPCtThGwfK8JBC93ETa0Gtm_gqIkEr1QpU51...
  • https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AYg5qPLrJM-77vFEAP0ZGVKlxB5ze2PrYNaK5Zhuw5CFyjhwWWVsodCQ7g5ELEw2cPCtThGwfK8JBC93ETa0Gtm_gqIkEr1QpU51fornnz_oDNIC2g8tP1yGRzI1Pvy...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AYg5qPLrJM-77vFEAP0ZGVKlxB5ze2PrYNaK5Zhuw5CFyjhwWWVsodCQ7g5ELEw2cPCtThGwfK8JBC93ETa0Gtm_gqIkEr1QpU51fornnz_oDNIC2g8tP1yGRzI1PvyUnFMmiJhcs2CTfrAZLdmJNv2WUHY&google_hm=UjFCMzMxX0U2M0QwODdBXzUzQjAwNDlC
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AYg5qPLrJM-77vFEAP0ZGVKlxB5ze2PrYNaK5Zhuw5CFyjhwWWVsodCQ7g5ELEw2cPCtThGwfK8JBC93ETa0Gtm_gqIkEr1QpU51fornnz_oDNIC2g8tP1yGRzI1PvyUnFMmiJhcs2CTfrAZLdmJNv2WUHY&google_hm=UjFCMzMxX0U2M0QwODdBXzUzQjAwNDlC
Date
Mon, 08 Nov 2021 15:48:08 GMT
Cache-Control
private
P3P
CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length
393
Strict-Transport-Security
max-age=-319373289; includeSubDomains
Content-Type
text/html; charset=utf-8
pixel
cm.g.doubleclick.net/ Frame 717F
Redirect Chain
  • https://match.adsrvr.org/track/cmf/google?google_gid=CAESEE8Tvg9wJacfLy5HJDFO-pA&google_cver=1&google_push=AYg5qPIw1Wa_gNySVaSLg5JZinx9D7uRHWCB4ENCQtIkpbA26bFBcT28n-OHAJ3rvp_aMOh7To6ZkkB7OYZCcpYM9R...
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=YmVmMjFjZDctMGZlZC00Zjg3LWJjMGYtZGE5N2I2NWY3Y2I5&google_push&gdpr=0&gdpr_consent=&ttd_tdid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=YmVmMjFjZDctMGZlZC00Zjg3LWJjMGYtZGE5N2I2NWY3Y2I5&google_push&gdpr=0&gdpr_consent=&ttd_tdid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=YmVmMjFjZDctMGZlZC00Zjg3LWJjMGYtZGE5N2I2NWY3Y2I5&google_push&gdpr=0&gdpr_consent=&ttd_tdid=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
423
us.php
c.eu1.dyntrk.com/adx/ga/ Frame 717F
0
215 B
Image
General
Full URL
https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEK0NLn1D6s5eXqWnz5nNm6c&google_cver=1&google_push=AYg5qPIKCteMQQPU96X-3uIsbnkj-sd3kF0HApzXYERzmSzWlnUkESEF4UHAfjVUVN4-Rl-e5Vh--q9ZyqZ1YyWAY3OJKXShtHvCGgiv0kS7ZMEIyNPn2_98PRw5Qbsl7ZDj0XgfTau_oX7PMl2-fcQbe1A
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.178.20.140 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31193670.ip-51-178-20.eu
Software
proxy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
cache-control
private, no-cache, no-store, proxy-revalidate, no-transform
x-rc
10
server
proxy
content-length
0
content-type
text/plain
pixel
cm.g.doubleclick.net/ Frame 717F
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEC...
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPIEbpYPiVXqpMsu7NqDA...
  • https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIEbpYPiVXqpMsu7NqDAVikhHztXDossCc3MmIk6NHDwyRyiBH7EhDbT0pWDW6aFlZWj4yoiMoMbhAjUGQSghXl3Sd_hHXNps6eKU9hbk3tCCPaTSauRuwDbuVUGRUfqo25...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIEbpYPiVXqpMsu7NqDAVikhHztXDossCc3MmIk6NHDwyRyiBH7EhDbT0pWDW6aFlZWj4yoiMoMbhAjUGQSghXl3Sd_hHXNps6eKU9hbk3tCCPaTSauRuwDbuVUGRUfqo257nq-an5LOBB_gf3RI5w&google_hm=Ba9WxttJj0L8k2nkSi28GSQ
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
Tengine
ETag
RXaf56c6db498f42fc9369e44a2dbc1924005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIEbpYPiVXqpMsu7NqDAVikhHztXDossCc3MmIk6NHDwyRyiBH7EhDbT0pWDW6aFlZWj4yoiMoMbhAjUGQSghXl3Sd_hHXNps6eKU9hbk3tCCPaTSauRuwDbuVUGRUfqo257nq-an5LOBB_gf3RI5w&google_hm=Ba9WxttJj0L8k2nkSi28GSQ
Connection
keep-alive
Content-Type
text/html
pixel
cm.g.doubleclick.net/ Frame 717F
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEM02ax1GW7MtKi0ZD8HZ7yY&google_cver=1&google_push=AYg5qPIfWVn3bRwgcT26fUNpK0SI2HLpJRtgpKdEJDTRjjNx3IdZgSLILJcUc_xRFWnAdY8SZy...
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1Pbi5xdDBKRTJ1SDNYR29KLldFXzkzT211VHhIS1p6NH5B&google_push=AYg5qPIfWVn3bRwgcT26fUNpK0SI2HLpJRtgpKdEJDTRjjNx3IdZgSLIL...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1Pbi5xdDBKRTJ1SDNYR29KLldFXzkzT211VHhIS1p6NH5B&google_push=AYg5qPIfWVn3bRwgcT26fUNpK0SI2HLpJRtgpKdEJDTRjjNx3IdZgSLILJcUc_xRFWnAdY8SZyTOotxHMge6VOzc7p7NJSaK9Nn_jrfp0kdyAASaTRGJeg8hBjZ_zKdo6J4QyyfHP-pHkhit6Sqy-WD8Ql25
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H3
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1Pbi5xdDBKRTJ1SDNYR29KLldFXzkzT211VHhIS1p6NH5B&google_push=AYg5qPIfWVn3bRwgcT26fUNpK0SI2HLpJRtgpKdEJDTRjjNx3IdZgSLILJcUc_xRFWnAdY8SZyTOotxHMge6VOzc7p7NJSaK9Nn_jrfp0kdyAASaTRGJeg8hBjZ_zKdo6J4QyyfHP-pHkhit6Sqy-WD8Ql25
date
Mon, 08 Nov 2021 15:48:08 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
attr
cm.g.doubleclick.net/pixel/ Frame 717F
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KClTJ2i0-MGvkGHbwTuwgRzCPu2vjR07E3gTLfWLH9mWgQWbQJiYJdDdDNwy-GTwQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696128&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485746&bpp=5&bdt=180&idt=229&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1444845079&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2972&biw=1600&bih=1200&isw=300&ish=250&ifk=612157785&scr_x=0&scr_y=0&eid=31063374%2C31062930&oid=2&pvsid=530218145386761&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.huopeqk60154&btvi=1&fsb=1&xpc=yFCYGbik1C&p=https%3A//securityaffairs.co&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:08 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
sodar
pagead2.googlesyndication.com/getconfig/ Frame 142B
12 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211103&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
383a9d17be74bcc56101f4f9573c051e4890262eb6d696f4a344cace61178582
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9454
x-xss-protection
0
Pug
image2.pubmatic.com/AdServer/ Frame 4DFA
Redirect Chain
  • https://gocm.c.appier.net/pubmatic
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=jrWsujeLCPKVSmSouUaJYQ
42 B
400 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=jrWsujeLCPKVSmSouUaJYQ
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
njrpug004:0:566
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
nginx
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
text/html; charset=utf-8
content-length
153
cache-control
no-store
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=jrWsujeLCPKVSmSouUaJYQ
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pug
simage2.pubmatic.com/AdServer/ Frame C4C1
Redirect Chain
  • https://core.iprom.net/cookiesync
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzcmdGw9ODY0MDA=&piggybackCookie=uid:123372137146826
42 B
292 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzcmdGw9ODY0MDA=&piggybackCookie=uid:123372137146826
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
va1pug014:0:1886
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Vary
Accept-Encoding
X-adserver-worker
komodo-89d203863dbf@version_1.343rc2
Connection
close
X-server-arch
v2
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzcmdGw9ODY0MDA=&piggybackCookie=uid:123372137146826
Content-Type
text/html; charset=utf-8
Content-Length
287
X-core-time
0ms
Date
Mon, 08 Nov 2021 15:48:09 GMT
/
csync.loopme.me/ Frame DDA6
24 B
51 B
Document
General
Full URL
https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
162.55.6.212 -, , ASN (),
Reverse DNS
Software
_ /
Resource Hash
89f2d4e6c7a6c41c13c2e7a75e526aa60b9d5274fe28b2d82801c6beb6beb879

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

content-length
24
content-type
text/plain
date
Mon, 08 Nov 2021 15:48:16 GMT
server
_
usersync
match.bnmla.com/ Frame 74D5
0
112 B
Document
General
Full URL
https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
38.27.122.126 Chestertown, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:09 GMT
Content-Length
0
Connection
keep-alive
Pug
simage2.pubmatic.com/AdServer/ Frame 95A6
Redirect Chain
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:961AF1076BCA42258C4489EC777AF824
1 B
288 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:961AF1076BCA42258C4489EC777AF824
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
text/html; charset=utf-8
content-length
1
x-lat
10:0:491
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
nginx
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
text/html
content-length
138
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:961AF1076BCA42258C4489EC777AF824
expires
Sun, 07 Nov 2021 15:48:09 GMT
cache-control
no-cache
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
access-control-allow-origin
*
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
merge
ce.lijit.com/ Frame A6CE
43 B
4 KB
Document
General
Full URL
https://ce.lijit.com/merge?pid=71&3pid=909D4247-195C-4A1C-B725-510C1A2C19E4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
63.251.86.49 , United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

Server
nginx
Date
Mon, 08 Nov 2021 15:48:09 GMT
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap1dca1
/
spl.zeotap.com/ Frame 719F
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=909D4247-195C-4A1C-B725-510C1A2C19E4
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
  • https://pixel.onaudience.com/?partner=147&mapped=bef21cd7-0fed-4f87-bc0f-da97b65f7cb9&icm
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=5570d12073d005d655e3b9671c26cbf9
  • https://spl.zeotap.com/?zdid=1332&zcluid=dd810367ff00673b
95 B
546 B
Image
General
Full URL
https://spl.zeotap.com/?zdid=1332&zcluid=dd810367ff00673b
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:10 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
6aaff1aa4d687138-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://spl.zeotap.com?zdid=1332&zcluid=dd810367ff00673b
content-length
0
p.gif
visitor.fiftyt.com/ Frame 719F
Redirect Chain
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=909D4247-195C-4A1C-B725-510C1A2C19E4&gdpr=
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=909D4247-195C-4A1C-B725-510C1A2C19E4&gdpr=&fbounce=1
0
440 B
Image
General
Full URL
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=909D4247-195C-4A1C-B725-510C1A2C19E4&gdpr=&fbounce=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
H2
Server
35.201.96.126 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
126.96.201.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
clear
content-length
0
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=909D4247-195C-4A1C-B725-510C1A2C19E4&gdpr=&fbounce=1
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type
text/html; charset=utf-8
alt-svc
clear
content-length
144
g.pixel
aa.agkn.com/adscores/ Frame 719F
43 B
680 B
Image
General
Full URL
https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=909D4247-195C-4A1C-B725-510C1A2C19E4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
156.154.200.36 , United States, ASN19907 (NEUSTAR-AS6, US),
Reverse DNS
Software
AAWebServer /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
AAWebServer
Access-Control-Allow-Methods
GET, POST, OPTIONS
P3P
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Type
image/gif
Access-Control-Allow-Headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
Content-Length
43
Expires
0
/
io.narrative.io/ Frame 719F
Redirect Chain
  • https://io.narrative.io/?companyId=673&id=pubmatic_id:909D4247-195C-4A1C-B725-510C1A2C19E4
  • https://io.narrative.io/?io.narrative.guid.v2=458b38e0-40ab-11ec-b070-0a4515f2e365&companyId=673&id=pubmatic_id:909D4247-195C-4A1C-B725-510C1A2C19E4
0
247 B
Image
General
Full URL
https://io.narrative.io/?io.narrative.guid.v2=458b38e0-40ab-11ec-b070-0a4515f2e365&companyId=673&id=pubmatic_id:909D4247-195C-4A1C-B725-510C1A2C19E4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
52.200.167.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-167-170.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Cache-Control
no-cache
Server
nginx/1.18.0
Connection
keep-alive

Redirect headers

Location
https://io.narrative.io/?io.narrative.guid.v2=458b38e0-40ab-11ec-b070-0a4515f2e365&companyId=673&id=pubmatic_id:909D4247-195C-4A1C-B725-510C1A2C19E4
Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
nginx/1.18.0
Connection
keep-alive
Content-Length
0
tap.php
pixel.rubiconproject.com/ Frame 719F
Redirect Chain
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6624566760367890375
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1402230080&mi=10&csh=570392714;1709765917;1486637409;1072441116&rnd=1518932529&pcid=909D4247-195C-4A1C-B725-510C1A2C19E4
  • https://sync.mathtag.com/sync/img?mt_exid=10019&redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1678944572%26mi%3D10%26csh%3D570392714%3B1709765917%...
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1678944572&mi=10&csh=570392714;1709765917;1486637409;1072441116;1402230080&rnd=-1077633958&pcid=47ba6189-46b6-4f00-a922-0724...
  • https://pixel.rubiconproject.com/tap.php?v=12218&nid=2528&put=XnxJeeNw8N&expires=1825&rnd=2077848381
42 B
701 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=12218&nid=2528&put=XnxJeeNw8N&expires=1825&rnd=2077848381
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
d3682eda7e5cb79782b1d5475f50e8fc
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 1280ed2b25df326a730453b28b0f9aaa.cloudfront.net (CloudFront)
server
Apache-Coyote/1.1
x-amz-cf-pop
ATL51-C1
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location
https://pixel.rubiconproject.com/tap.php?v=12218&nid=2528&put=XnxJeeNw8N&expires=1825&rnd=2077848381
cache-control
no-cache, no-store, must-revalidate
patent
https://www.almondnet.com/ip
content-type
image/gif
content-length
43
x-amz-cf-id
nLiL9vcet-O5kOhNQ_STCYdXvz_ywvpjFYcYauYIRMBovMpH7yq3qA==
expires
Thu, 01 Jan 1970 00:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 719F
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:6137bad5-e581-42e8-a17f-612ea8692574&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
128 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:6137bad5-e581-42e8-a17f-612ea8692574&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
cache-control
no-store, no-cache, private
x-lat
va1pug002:0:529
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:6137bad5-e581-42e8-a17f-612ea8692574&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
Apache/2.4.41 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
d1ba4609
rtb.gumgum.com/getuid/ Frame 719F
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0
usync.js
eus.rubiconproject.com/ Frame 95DB
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4ac95c59a70b7c78d9dcfce05d1dcfd512e8f083d1525cf5d34ee3f57bf8e325

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Nov 2021 21:03:19 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=62567
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9506
Expires
Tue, 09 Nov 2021 09:10:56 GMT
usync.js
eus.rubiconproject.com/ Frame F096
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4ac95c59a70b7c78d9dcfce05d1dcfd512e8f083d1525cf5d34ee3f57bf8e325

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Nov 2021 21:03:19 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=62567
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9506
Expires
Tue, 09 Nov 2021 09:10:56 GMT
usync.js
eus.rubiconproject.com/ Frame C596
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4ac95c59a70b7c78d9dcfce05d1dcfd512e8f083d1525cf5d34ee3f57bf8e325

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Nov 2021 21:03:19 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=62567
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9506
Expires
Tue, 09 Nov 2021 09:10:56 GMT
ptmd
dt.clnmde.com/
70 B
330 B
Image
General
Full URL
https://dt.clnmde.com/ptmd?t=16363864849763280910398_N4IgHgZiBcIAwDYIEYDGAmAnAEwEbowHYBWADnQFNcBmXUuAFhXWIWvULhABpwIAXGCFLUKCCpky4IDOLkIME6ahFTViyFdjipimOOmw8QASwBuMBrwDO-AIb8ArtZgBtanG7JMAXV4AvOxhkXgAHAHMhC14KADsLWFDjcIALIWQ2NlIEBlIGTEI2dHpMZDhqTFJjfhdYZAYsegUlYjJjM1qQBAA6OG6GBmRjOwAbGGpeVRgAWhCQCn4TdMzqbNyGY1tI6E8QawBrZeosnLyAfVJvFkQDciqYkyTYakJu5HQ+j+I3-PaKACchKF-gB7IwxRxBaBzRxLHYxMxjaCuUCxOwAWwoQlwJmw2ABZ1xxmwDihoBxeIJROgsUcIxGvDMJkJRjqKzWeWoq2IL0YxBAAF8BdxURisbAKfj-iziaSYOTcVKZTS6QyQEzlSAMsdVqcGgxWOh8qtBcLRZjsYqqeCQCT7PKQJLrTBafTGczqVr2XrCL6eTliqaRSA0RaJVbpUTeHayY6I8rXWqNZ7tSd1jrCsRfehTX4QKEOm54AACdAfODFoZ56wjWxHNN5TAITDGEZQaHuzWp3XptiZ7PGVDOfia0gAYQAqsQAEIAEQQAFEAOrJVDBb25UrIOYAR3FcwgcLgAqAA
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.217.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-217-109.compute-1.amazonaws.com
Software
/ Express
Resource Hash
c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 08 Nov 2021 15:48:09 GMT
x-powered-by
Express
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age
1800
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
image/gif
usync.js
eus.rubiconproject.com/ Frame 7BE2
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4ac95c59a70b7c78d9dcfce05d1dcfd512e8f083d1525cf5d34ee3f57bf8e325

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Nov 2021 21:03:19 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=62567
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9506
Expires
Tue, 09 Nov 2021 09:10:56 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 6F53
0
39 B
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=79276624&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:07 GMT
content-length
0
pixel.gif
px.moatads.com/ Frame B1D3
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=SENDGRID_DCM1&ol=453615052&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B*EjrG%3DH%3CA.a%24%7D9H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-KyBnW%2BgiY9PHPf0uHVjPGlx1P1tMeAYh8VIp1Vf7AbESGfrl5%2FmliBNlAlwWxmRnpyWz&rs=1-3F41M1%2F1Kg7M0g%3D%3D&sc=1&os=1-aw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=3&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=90&w=728&zGSRC=1&gu=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&id=0&ii=6&f=1&j=https%3A%2F%2Fsecurityaffairs.co&lp=https%3A%2F%2Fsecurityaffairs.co&t=1636386486929&de=974024140004&cu=1636386486929&m=1626&ar=553ffc12ef5-clean&iw=9a4f3d2&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=94&le=1&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A523%3A523%3A0%3A1100&aa=1&ad=1323&cn=1323&gn=1&gk=1323&gl=1323&ik=1323&ic=1323&
ez=1&co=1323&cp=848&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=848&cd=848&ah=848&am=848&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=22143192%3A3112338%3A318428647%3A160158782&bo=securityaffairs.co&bd=securityaffairs.co&gw=sendgriddcm593119715704&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jm=-1&tc=0&fs=195402&na=1973766671&cs=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 08 Nov 2021 15:48:09 GMT
lFqatAGMGI5ruFOuc2G8YqsaAHQUb5EGFuJALWeAUJk.js
pagead2.googlesyndication.com/bg/ Frame 8B93
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lFqatAGMGI5ruFOuc2G8YqsaAHQUb5EGFuJALWeAUJk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
945a9ab4018c188e6bb853ae7361bc62ab1a0074146f910616e2402d67805099
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:01:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
24398
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13523
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 13:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 08 Nov 2022 09:01:31 GMT
lFqatAGMGI5ruFOuc2G8YqsaAHQUb5EGFuJALWeAUJk.js
pagead2.googlesyndication.com/bg/ Frame 1D09
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lFqatAGMGI5ruFOuc2G8YqsaAHQUb5EGFuJALWeAUJk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
945a9ab4018c188e6bb853ae7361bc62ab1a0074146f910616e2402d67805099
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:01:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
24398
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13523
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 13:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 08 Nov 2022 09:01:31 GMT
cm
us-u.openx.net/w/1.0/ Frame 40A1
Redirect Chain
  • https://ssc-cms.33across.com/ps/?us_privacy=&ts=1636386488191.4&ri=70&ru=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Dc6a5ba0d-ce02-41bd-a1ea-842c68bd5108%26ph%3D8f5ed5d4-642c-4222-968a-d709c...
  • https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bi...
1 KB
666 B
Document
General
Full URL
https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
e97db8601c066ede460dbfceacf13b0adc33d3fa3fe853bd15c3395fb39f10cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
about:blank

Response headers

vary
Accept, Accept-Encoding
server
OXGW/16.218.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
text/html
content-length
646
content-encoding
gzip
via
1.1 google
alt-svc
clear

Redirect headers

p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy
unsafe-url
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate
expires
Thu, 01-Jan-70 00:00:01 GMT
x-33x-status
40000000008200000A
server
33XP004
location
https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
content-length
0
date
Mon, 08 Nov 2021 15:48:08 GMT
usersync
rtb.gumgum.com/ Frame 5540
Redirect Chain
  • https://ssc-cms.33across.com/ps/?_=1636386488191.&ri=0013300001r0t9mAAA&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
  • https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
referrer-policy
unsafe-url
server
33XP001
x-33x-status
100000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
match
cms-xch-chicago.33across.com/ Frame 5540
Redirect Chain
  • https://ssc-cms.33across.com/ps/?us_privacy=&ts=1636386488191.2&ri=2&ru=https%3A%2F%2Fssum-sec.casalemedia.com%2Fusermatchredir%3Fs%3D191740%26us_privacy%3D%24%7BUS_PRIVACY%7D%26cb%3Dhttps%253A%252...
  • https://ssum-sec.casalemedia.com/usermatchredir?s=191740&us_privacy=&cb=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D2%26external_user_id%3D
  • https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=2&external_user_id=YYlGtSCPhl8A5ZZDXjjRgQAA%26479
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=2&external_user_id=YYlGtSCPhl8A5ZZDXjjRgQAA%26479
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=2&external_user_id=YYlGtSCPhl8A5ZZDXjjRgQAA%26479
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
306
Expires
Mon, 08 Nov 2021 15:48:09 GMT
match
cms-xch-chicago.33across.com/ Frame 5540
Redirect Chain
  • https://ssc-cms.33across.com/ps/?us_privacy=&ts=1636386488191.3&ri=45&ru=https%3A%2F%2Fpixel-sync.sitescout.com%2Fdmp%2FpixelSync%3Fnid%3D104%26us_privacy%3D%24%7BUS_PRIVACY%7D%26redir%3Dhttps%253A...
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=104&us_privacy=&redir=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D45%26external_user_id%3D%7BuserId%7D
  • https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=45&external_user_id=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=45&external_user_id=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=45&external_user_id=c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
match
cms-xch-chicago.33across.com/ Frame 5540
Redirect Chain
  • https://ssc-cms.33across.com/ps/?us_privacy=&ts=1636386488191.5&ri=90&ru=https%3A%2F%2Fib.adnxs.com%2Fgetuid%3Fhttps%253A%252F%252Fcms-xch-chicago.33across.com%252Fmatch%253Fus_privacy%253D%24%7BUS...
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D90%26external_user_id%3D%24UID
  • https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=90&external_user_id=6624566760367890375
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=90&external_user_id=6624566760367890375
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
X-Proxy-Origin
37.120.205.149; 37.120.205.149; 803.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
88107a62-e3a6-4402-a126-155d3579d1d3
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=90&external_user_id=6624566760367890375
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
match
cms-xch-chicago.33across.com/ Frame 5540
Redirect Chain
  • https://bttrack.com/pixel/cookiesync?source=2c3b95b9-6513-42b2-beb7-260851c73b75&secure=1&us_privacy=&cb=1636386488191.6
  • https://ssc-cms.33across.com/ps/?xi=66&us_privacy=&xu=b5a15e19-2aa1-4108-b786-bdbca5b08fdd
  • https://cms-xch-chicago.33across.com/match?bidder_id=66&external_user_id=b5a15e19-2aa1-4108-b786-bdbca5b08fdd&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?bidder_id=66&external_user_id=b5a15e19-2aa1-4108-b786-bdbca5b08fdd&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
referrer-policy
unsafe-url
server
33XP002
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cms-xch-chicago.33across.com/match?bidder_id=66&external_user_id=b5a15e19-2aa1-4108-b786-bdbca5b08fdd&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
match
cms-xch-chicago.33across.com/ Frame 5540
Redirect Chain
  • https://p.rfihub.com/cm?pub=35686&in=1&us_privacy=&lexicon_id=gg837c91b6dda57
  • https://ssc-cms.33across.com/ps/?xi=93&xu=978758875032371846&us_privacy=
  • https://cms-xch-chicago.33across.com/match?bidder_id=93&external_user_id=978758875032371846&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?bidder_id=93&external_user_id=978758875032371846&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
referrer-policy
unsafe-url
server
33XP004
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cms-xch-chicago.33across.com/match?bidder_id=93&external_user_id=978758875032371846&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
usersync
rtb.gumgum.com/ Frame F4A6
Redirect Chain
  • https://ssc-cms.33across.com/ps/?_=1636386488322.&ri=0013300001r0t9mAAA&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
  • https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
referrer-policy
unsafe-url
server
33XP002
x-33x-status
100000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
match
cms-xch-chicago.33across.com/ Frame F4A6
Redirect Chain
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fxi%3D107%26xu%3D
  • https://ssc-cms.33across.com/ps/?xi=107&xu=ue1-sb1-95be7682-44f5-4f7d-92c1-e6300ddea10d
  • https://cms-xch-chicago.33across.com/match?bidder_id=107&external_user_id=ue1-sb1-95be7682-44f5-4f7d-92c1-e6300ddea10d&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?bidder_id=107&external_user_id=ue1-sb1-95be7682-44f5-4f7d-92c1-e6300ddea10d&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
referrer-policy
unsafe-url
server
33XP005
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cms-xch-chicago.33across.com/match?bidder_id=107&external_user_id=ue1-sb1-95be7682-44f5-4f7d-92c1-e6300ddea10d&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
match
cms-xch-chicago.33across.com/ Frame F4A6
Redirect Chain
  • https://pixel.advertising.com/ups/58410/sync?gdpr=&gdpr_consent=&redir=true&us_privacy=
  • https://ups.analytics.yahoo.com/ups/58410/sync?gdpr=&gdpr_consent=&redir=true&us_privacy=&apid=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223
  • https://ssc-cms.33across.com/ps/?xi=108&xu=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223
  • https://cms-xch-chicago.33across.com/match?bidder_id=108&external_user_id=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?bidder_id=108&external_user_id=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
referrer-policy
unsafe-url
server
33XP005
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cms-xch-chicago.33across.com/match?bidder_id=108&external_user_id=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
pixel
ps.eyeota.net/ Frame F4A6
0
344 B
Image
General
Full URL
https://ps.eyeota.net/pixel?pid=c9gd671&t=gif&uid=hPS7qGGJRrcR45bsJK7TYw%3D%3D&us_privacy=&33random=1636386488322.4&cat=33across
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.197.192.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-192-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
usermatch.gif
beacon.krxd.net/ Frame F4A6
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1388&partner_device_id=hPS7qGGJRrcR45bsJK7TYw%3D%3D&us_privacy=&random=1636386488322.5&redirect=https%3A%2F%2Fthinkcxad.azurewebsites.net%2Fapi%...
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3Daec29ca0-3c0f-4554-9025-2ee595f559f2%252Chttps%253A...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=6624566760367890375&pt=aec29ca0-3c0f-4554-9025-2ee595f559f2%2Chttps%3A%2F%2Fusermatch.krxd.net%2Fum%2Fv2%3Fpartner%3D...
  • https://usermatch.krxd.net/um/v2?partner=tapad
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1969&partner_device_id=OeEHC_iZ&partner_url=https://beacon.krxd.net/usermatch.gif?partner%3Dtapad%26partner_uid%3D$%7BTA_DEVICE_ID%7D
  • https://beacon.krxd.net/usermatch.gif?partner=tapad&partner_uid=aec29ca0-3c0f-4554-9025-2ee595f559f2
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=tapad&partner_uid=aec29ca0-3c0f-4554-9025-2ee595f559f2
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
54.156.89.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-89-184.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
cache-control
private, no-cache, no-store
x-request-time
D=44 t=1636386489
x-served-by
beacon-n036-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?partner=tapad&partner_uid=aec29ca0-3c0f-4554-9025-2ee595f559f2
date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
match
cms-xch-chicago.33across.com/ Frame 0471
Redirect Chain
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fxi%3D107%26xu%3D
  • https://ssc-cms.33across.com/ps/?xi=107&xu=ue1-sb1-6f3fcf90-08fa-4fe3-b170-bd10b0eda633
  • https://cms-xch-chicago.33across.com/match?bidder_id=107&external_user_id=ue1-sb1-6f3fcf90-08fa-4fe3-b170-bd10b0eda633&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?bidder_id=107&external_user_id=ue1-sb1-6f3fcf90-08fa-4fe3-b170-bd10b0eda633&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
referrer-policy
unsafe-url
server
33XP003
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cms-xch-chicago.33across.com/match?bidder_id=107&external_user_id=ue1-sb1-6f3fcf90-08fa-4fe3-b170-bd10b0eda633&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
match
cms-xch-chicago.33across.com/ Frame 0471
Redirect Chain
  • https://pixel.advertising.com/ups/58410/sync?gdpr=&gdpr_consent=&redir=true&us_privacy=
  • https://ups.analytics.yahoo.com/ups/58410/sync?gdpr=&gdpr_consent=&redir=true&us_privacy=&apid=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223
  • https://ssc-cms.33across.com/ps/?xi=108&xu=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223
  • https://cms-xch-chicago.33across.com/match?bidder_id=108&external_user_id=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?bidder_id=108&external_user_id=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
referrer-policy
unsafe-url
server
33XP002
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cms-xch-chicago.33across.com/match?bidder_id=108&external_user_id=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
usersync
rtb.gumgum.com/ Frame 0471
Redirect Chain
  • https://ssc-cms.33across.com/ps/?_=1636386488370.&ri=0013300001r0t9mAAA&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
  • https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
referrer-policy
unsafe-url
server
33XP002
x-33x-status
100000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
pixel
ps.eyeota.net/ Frame 0471
0
344 B
Image
General
Full URL
https://ps.eyeota.net/pixel?pid=c9gd671&t=gif&uid=hPS7qGGJRrcR45bsJK7TYw%3D%3D&us_privacy=&33random=1636386488370.4&cat=33across
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.197.192.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-192-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
usermatch.gif
beacon.krxd.net/ Frame 0471
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1388&partner_device_id=hPS7qGGJRrcR45bsJK7TYw%3D%3D&us_privacy=&random=1636386488370.5&redirect=https%3A%2F%2Fthinkcxad.azurewebsites.net%2Fapi%...
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3Daec29ca0-3c0f-4554-9025-2ee595f559f2%252Chttps%253A...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=6624566760367890375&pt=aec29ca0-3c0f-4554-9025-2ee595f559f2%2Chttps%3A%2F%2Fusermatch.krxd.net%2Fum%2Fv2%3Fpartner%3D...
  • https://usermatch.krxd.net/um/v2?partner=tapad
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1969&partner_device_id=OeEHC_iZ&partner_url=https://beacon.krxd.net/usermatch.gif?partner%3Dtapad%26partner_uid%3D$%7BTA_DEVICE_ID%7D
  • https://beacon.krxd.net/usermatch.gif?partner=tapad&partner_uid=aec29ca0-3c0f-4554-9025-2ee595f559f2
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=tapad&partner_uid=aec29ca0-3c0f-4554-9025-2ee595f559f2
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
54.156.89.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-89-184.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
cache-control
private, no-cache, no-store
x-request-time
D=18 t=1636386489
x-served-by
beacon-n003-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?partner=tapad&partner_uid=aec29ca0-3c0f-4554-9025-2ee595f559f2
date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
match
cms-xch-chicago.33across.com/ Frame A0C4
Redirect Chain
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fxi%3D107%26xu%3D
  • https://ssc-cms.33across.com/ps/?xi=107&xu=ue1-sb1-aac4b4ad-72e2-4304-9ea7-b6e578416ced
  • https://cms-xch-chicago.33across.com/match?bidder_id=107&external_user_id=ue1-sb1-aac4b4ad-72e2-4304-9ea7-b6e578416ced&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?bidder_id=107&external_user_id=ue1-sb1-aac4b4ad-72e2-4304-9ea7-b6e578416ced&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
referrer-policy
unsafe-url
server
33XP004
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cms-xch-chicago.33across.com/match?bidder_id=107&external_user_id=ue1-sb1-aac4b4ad-72e2-4304-9ea7-b6e578416ced&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
match
cms-xch-chicago.33across.com/ Frame A0C4
Redirect Chain
  • https://pixel.advertising.com/ups/58410/sync?gdpr=&gdpr_consent=&redir=true&us_privacy=
  • https://ups.analytics.yahoo.com/ups/58410/sync?gdpr=&gdpr_consent=&redir=true&us_privacy=&apid=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223
  • https://ssc-cms.33across.com/ps/?xi=108&xu=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223
  • https://cms-xch-chicago.33across.com/match?bidder_id=108&external_user_id=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?bidder_id=108&external_user_id=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
referrer-policy
unsafe-url
server
33XP002
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cms-xch-chicago.33across.com/match?bidder_id=108&external_user_id=UP44b8ce41-40ab-11ec-bb7b-02c4b955a223&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
usersync
rtb.gumgum.com/ Frame A0C4
Redirect Chain
  • https://ssc-cms.33across.com/ps/?_=1636386488375.&ri=0013300001r0t9mAAA&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
  • https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
referrer-policy
unsafe-url
server
33XP003
x-33x-status
100000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://rtb.gumgum.com/usersync?b=tta&i=118767487923505
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
pixel
ps.eyeota.net/ Frame A0C4
0
344 B
Image
General
Full URL
https://ps.eyeota.net/pixel?pid=c9gd671&t=gif&uid=hPS7qGGJRrcR45bsJK7TYw%3D%3D&us_privacy=&33random=1636386488375.4&cat=33across
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.197.192.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-192-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
usermatch.gif
beacon.krxd.net/ Frame A0C4
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1388&partner_device_id=hPS7qGGJRrcR45bsJK7TYw%3D%3D&us_privacy=&random=1636386488375.5&redirect=https%3A%2F%2Fthinkcxad.azurewebsites.net%2Fapi%...
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3Daec29ca0-3c0f-4554-9025-2ee595f559f2%252Chttps%253A...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=6624566760367890375&pt=aec29ca0-3c0f-4554-9025-2ee595f559f2%2Chttps%3A%2F%2Fusermatch.krxd.net%2Fum%2Fv2%3Fpartner%3D...
  • https://usermatch.krxd.net/um/v2?partner=tapad
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1969&partner_device_id=OeEHC_iZ&partner_url=https://beacon.krxd.net/usermatch.gif?partner%3Dtapad%26partner_uid%3D$%7BTA_DEVICE_ID%7D
  • https://beacon.krxd.net/usermatch.gif?partner=tapad&partner_uid=aec29ca0-3c0f-4554-9025-2ee595f559f2
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=tapad&partner_uid=aec29ca0-3c0f-4554-9025-2ee595f559f2
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Protocol
H2
Server
54.156.89.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-89-184.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
cache-control
private, no-cache, no-store
x-request-time
D=84 t=1636386489
x-served-by
beacon-n030-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?partner=tapad&partner_uid=aec29ca0-3c0f-4554-9025-2ee595f559f2
date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 142B
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Mon, 08 Nov 2021 15:48:09 GMT
match
cms-xch-chicago.33across.com/ Frame 95DB
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy=
  • https://ssc-cms.33across.com/ps/?xi=1&xu=KVQU9H03-1P-5D30
  • https://cms-xch-chicago.33across.com/match?bidder_id=30&external_user_id=KVQU9H03-1P-5D30&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?bidder_id=30&external_user_id=KVQU9H03-1P-5D30&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:08 GMT
referrer-policy
unsafe-url
server
33XP001
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cms-xch-chicago.33across.com/match?bidder_id=30&external_user_id=KVQU9H03-1P-5D30&ts=1636386489&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
usersync
rtb.gumgum.com/ Frame F096
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum
  • https://rtb.gumgum.com/usersync?b=mag&i=KVQU9H03-1P-5D30
35 B
237 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=mag&i=KVQU9H03-1P-5D30
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
H2
Server
34.233.157.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-157-225.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://rtb.gumgum.com/usersync?b=mag&i=KVQU9H03-1P-5D30
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
c3b5432477546c086cd062707f625a76
Expires
0
pixel.gif
px.moatads.com/ Frame B1D3
43 B
260 B
Image
General
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696129&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1636386485&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F112825%2Fmalware%2Fgolang-based-worm-windows-linux.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1636386485752&bpp=6&bdt=145&idt=196&shv=r20211103&mjsv=m202111020101&ptt=5&saldr=sa&correlator=6653099393600&frm=21&ife=1&pv=1&ga_vid=826445048.1636386485&ga_sid=1636386486&ga_hid=1670877418&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1904614804&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1757560233294358&pem=843&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xa1tfz6tg05z&fsb=1&xpc=jgpFHxDAe2&p=https%3A//securityaffairs.co&dtd=211
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 08 Nov 2021 15:48:09 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 26A2
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211103&jk=3372795393941806&rc=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

match
cms-xch-chicago.33across.com/ Frame 40A1
68 B
127 B
Image
General
Full URL
https://cms-xch-chicago.33across.com/match?us_privacy=&bidder_id=70&external_user_id=c4407e15-53ed-42fc-bda4-45efa39ac845
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.239.71 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google, 1.1 google
server
nginx/1.20.1
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
clear
content-length
68
content-type
image/png
openx
tr.blismedia.com/v1/api/sync/ Frame 40A1
0
141 B
Image
General
Full URL
https://tr.blismedia.com/v1/api/sync/openx
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.105.96.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google
alt-svc
clear
sd
us-u.openx.net/w/1.0/ Frame 40A1
Redirect Chain
  • https://openx2-match.dotomi.com/match/bounce/current?networkId=15900&version=1&nuid={OX_USER_ID}
  • https://openx2-match.dotomi.com/match/bounce/current?DotomiTest=105dec247a91122e&is_secure=true&networkId=15900&version=1&nuid=%7BOX_USER_ID%7D
  • https://us-u.openx.net/w/1.0/sd?id=537072954&val=AAAGdRmRckETjwNOjBjIAAAAAAA&expiration=1636472889&nuid={OX_USER_ID}&is_secure=true
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072954&val=AAAGdRmRckETjwNOjBjIAAAAAAA&expiration=1636472889&nuid={OX_USER_ID}&is_secure=true
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://us-u.openx.net/w/1.0/sd?id=537072954&val=AAAGdRmRckETjwNOjBjIAAAAAAA&expiration=1636472889&nuid={OX_USER_ID}&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
sd
us-u.openx.net/w/1.0/ Frame 40A1
Redirect Chain
  • https://px.owneriq.net/eox
  • https://us-u.openx.net/w/1.0/sd?id=537073059&val=Q6896728851048605046P
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073059&val=Q6896728851048605046P
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:09 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://us-u.openx.net/w/1.0/sd?id=537073059&val=Q6896728851048605046P
Cache-Control
max-age=68437
Connection
keep-alive
Content-Type
text/html
Content-Length
154
CookieSyncOpenX
rtb.adentifi.com/ Frame 40A1
0
88 B
Image
General
Full URL
https://rtb.adentifi.com/CookieSyncOpenX
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.3.173.52 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-3-173-52.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
0
Content-Type
text/plain
/
csync.loopme.me/ Frame 40A1
24 B
24 B
Image
General
Full URL
https://csync.loopme.me/?partner_id=1285&vt=578a5e2b-2bb6-4696-8c98-414f1969c228&gdpr=0
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.55.6.212 -, , ASN (),
Reverse DNS
Software
_ /
Resource Hash
89f2d4e6c7a6c41c13c2e7a75e526aa60b9d5274fe28b2d82801c6beb6beb879

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:16 GMT
server
_
content-length
24
content-type
text/plain
sd
us-u.openx.net/w/1.0/ Frame 40A1
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=b9f5c7de-85f6-48cc-ba86-351b90373b6b&r=https%3A%2F%2Fa.tribalfusion.com%2Fi.match%3Fp%3Db12%26redirect%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%2...
  • https://a.tribalfusion.com/i.match?p=b12&redirect=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537141727%26val%3D%24TF_USER_ID_ENC%24&u=bb1003c6-1819-4b8d-a6c8-f4d85b10a226
  • https://us-u.openx.net/w/1.0/sd?id=537141727&val=18072662304193162968
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537141727&val=18072662304193162968
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
cf-cache-status
DYNAMIC
x-function
209
server
cloudflare
x-reuse-index
8228
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6aaff1aabdd74bbf-YUL
p3p
CP="NOI DEVo TAIa OUR BUS"
location
https://us-u.openx.net/w/1.0/sd?id=537141727&val=18072662304193162968
cache-control
no-cache, private
content-type
text/html
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:00 GMT
RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
sync.targeting.unrulymedia.com/csync/ Frame 40A1
Redirect Chain
  • https://sync.1rx.io/usersync/openx/211d6219-f6d3-4078-817e-13d70f761666
  • https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
43 B
452 B
Image
General
Full URL
https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
HTTP/1.1
Server
199.127.204.142 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
Tengine
Connection
keep-alive
Content-Length
43
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
Tengine
Transfer-Encoding
chunked
Content-Type
text/html
Location
https://sync.targeting.unrulymedia.com/csync/RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Expires
0
cookie-sync
match.prod.bidr.io/ Frame 40A1
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ox
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AACqDk7DEo0AABkfKQPxKQ&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Csyn%2Cpp%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=ox&bee_sync_hop_count=1
43 B
430 B
Image
General
Full URL
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Csyn%2Cpp%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=ox&bee_sync_hop_count=1
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
HTTP/1.1
Server
52.20.77.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-77-98.compute-1.amazonaws.com
Software
nginx /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:09 GMT
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
content-type
image/gif
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Csyn%2Cpp%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=ox&bee_sync_hop_count=1
date
Mon, 08 Nov 2021 15:48:09 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug019:0:619
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cksync.php
contextual.media.net/ Frame 40A1
45 B
462 B
Image
General
Full URL
https://contextual.media.net/cksync.php?type=opx&ovsid=7a071be4-2666-48f3-b2dc-34511b21c8c6
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 08 Nov 2021 15:48:09 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 08 Nov 2021 15:48:09 GMT
sd
us-u.openx.net/w/1.0/ Frame 40A1
Redirect Chain
  • https://oxp.mxptint.net/OpenX.ashx
  • https://us-u.openx.net/w/1.0/sd?id=537116306&val=R1B331_E63D087A_53B0049B
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537116306&val=R1B331_E63D087A_53B0049B
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fus_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://us-u.openx.net/w/1.0/sd?id=537116306&val=R1B331_E63D087A_53B0049B
Date
Mon, 08 Nov 2021 15:48:09 GMT
Cache-Control
private
P3P
CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length
194
Strict-Transport-Security
max-age=-319373289; includeSubDomains
Content-Type
text/html; charset=utf-8
sodar
pagead2.googlesyndication.com/getconfig/ Frame 8146
12 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211103&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2f8a1ddb6e89fc8f333f486b0c2e13261e4ac34ac4a264067142feb1abef73ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 15:48:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9333
x-xss-protection
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 62B4
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Sun, 07 Nov 2021 03:44:00 GMT
expires
Mon, 07 Nov 2022 03:44:00 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
129849
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 9288
783 B
767 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
e6c6a0ac3dcb0ab32c2338c9025a27fbb5b7a6eec94d16b099ff6194f2aacf3c
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Kl/+AC7KVtYjbWnq3QP5pw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Mon, 08 Nov 2021 15:48:09 GMT
date
Mon, 08 Nov 2021 15:48:09 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-Kl/+AC7KVtYjbWnq3QP5pw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
514
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cr6w3YeOZbdvzGsTB8jc1jWyQH2Tx0ZUK6FFw6rgKog.js
pagead2.googlesyndication.com/bg/ Frame 0BCE
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/cr6w3YeOZbdvzGsTB8jc1jWyQH2Tx0ZUK6FFw6rgKog.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
72beb0dd878e65b76fcc6b1307c8dcd635b2407d93c746542ba145c3aae02a88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 17:14:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
340445
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13296
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 13:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 04 Nov 2022 17:14:04 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 8146
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111020101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Mon, 08 Nov 2021 15:48:09 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 6CE4
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Sun, 07 Nov 2021 03:44:00 GMT
expires
Mon, 07 Nov 2022 03:44:00 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
129849
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 1F1F
783 B
739 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9f86b3fc3aa55e7dcbea697bda46dbc2b47ba0faebb70069e85c7db357ad767f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-sue1cpwk7Q5Innye0OQI9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Mon, 08 Nov 2021 15:48:09 GMT
date
Mon, 08 Nov 2021 15:48:09 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-sue1cpwk7Q5Innye0OQI9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
512
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/pagead/ Frame 9288
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211103&jk=530218145386761&rc=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

cr6w3YeOZbdvzGsTB8jc1jWyQH2Tx0ZUK6FFw6rgKog.js
pagead2.googlesyndication.com/bg/ Frame 62B4
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/cr6w3YeOZbdvzGsTB8jc1jWyQH2Tx0ZUK6FFw6rgKog.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
72beb0dd878e65b76fcc6b1307c8dcd635b2407d93c746542ba145c3aae02a88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 17:14:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
340446
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13296
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 13:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 04 Nov 2022 17:14:04 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 1F1F
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211103&jk=1757560233294358&rc=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

cr6w3YeOZbdvzGsTB8jc1jWyQH2Tx0ZUK6FFw6rgKog.js
pagead2.googlesyndication.com/bg/ Frame 6CE4
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/cr6w3YeOZbdvzGsTB8jc1jWyQH2Tx0ZUK6FFw6rgKog.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
72beb0dd878e65b76fcc6b1307c8dcd635b2407d93c746542ba145c3aae02a88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 17:14:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
340446
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13296
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 13:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 04 Nov 2022 17:14:04 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1D09
0
56 B
Image
General
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8B93
0
56 B
Image
General
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 991D
0
56 B
Image
General
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ptrack
a.audrte.com/ Frame A012
368 B
882 B
XHR
General
Full URL
https://a.audrte.com/ptrack?arlocation=37.120.205.149&p=M1353665098&artime=2021-11-08T15:48:10.668Z&arlocation=YWRzLnVzLmUtcGxhbm5pbmcubmV0L3VzcGQvMT9jdD0xJmR1PWh0dHBzJTNBJTJGJTJGcHJlYmlkc2VydmVyLnBpeGZ1dHVyZS5jb20lM0E4MDAwJTJGc2V0dWlkJTNGYmlkZGVyJTNEZXBsYW5uaW5nJTI2Z2RwciUzRCUyNmdkcHJfY29uc2VudCUzRCUyNmYlM0RiJTI2dWlkJTNEJTI0VUlE&gdpr=0&gdpr_consent=null&gdpr_version=1&arreferer=c2VjdXJpdHlhZmZhaXJzLmNvLw==
Requested by
Host: a.audrte.com
URL: https://a.audrte.com/ptag?p=M1353665098
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.206.192.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-206-192-53.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
a8f48eba8e124b4f672bf8155a67f756b035283e20459d33307a3325b93d6483

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:10 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
https://ads.us.e-planning.net
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
265
rt=ifr
bcp.crwdcntrl.net/5/c=15238/rand=778027257/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/ Frame 6145
1 KB
2 KB
Document
General
Full URL
https://bcp.crwdcntrl.net/5/c=15238/rand=778027257/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.233.246.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-233-246-214.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
1190936dcb257a5d3b9b77de7588759a3455fd3d8dd4df4b6a2cb7fde213e1e0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

date
Mon, 08 Nov 2021 15:48:10 GMT
content-type
text/html;charset=utf-8
content-length
1275
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control
no-cache
pragma
no-cache
expires
0
x-server
10.40.8.8
access-control-allow-origin
*
server
Jetty(9.4.38.v20210224)
setuid
prebidserver.pixfuture.com/
Redirect Chain
  • https://pixfuture-inv-nyc.admixer.net/adxcm.aspx?gdpr=&gdpr_consent=&us_privacy=&redir=1&rurl=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Dadmixeropenrtb%26gdpr%3D%26gdpr_con...
  • https://prebidserver.pixfuture.com:8000/setuid?bidder=admixeropenrtb&gdpr=&gdpr_consent=&f=i&uid=4531b6f0825142aea016f01dfd7f8c3e
86 B
743 B
Image
General
Full URL
https://prebidserver.pixfuture.com:8000/setuid?bidder=admixeropenrtb&gdpr=&gdpr_consent=&f=i&uid=4531b6f0825142aea016f01dfd7f8c3e
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:10 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
86
Expires
0

Redirect headers

Date
Mon, 08 Nov 2021 15:48:10 GMT
Server
nginx
Access-Control-Allow-Origin
*
P3p
CP="NID DSP ALL COR"
Location
https://prebidserver.pixfuture.com:8000/setuid?bidder=admixeropenrtb&gdpr=&gdpr_consent=&f=i&uid=4531b6f0825142aea016f01dfd7f8c3e
Access-Control-Allow-Credentials
true
Connection
keep-alive
Keep-Alive
timeout=25
Content-Length
0
X-Xss-Protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 142B
0
56 B
Image
General
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8146
0
56 B
Image
General
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tpid=YYlGtQADCzBZAQAz
sync.crwdcntrl.net/map/c=1811/tp=TBMG/ Frame 6145
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/bsTd8NdE?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1811%2Ftp%3DTBMG%2Ftpid%3D%24%7BTM_USER_ID%7D
  • https://sync.crwdcntrl.net/map/c=1811/tp=TBMG/tpid=YYlGtQADCzBZAQAz
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=1811/tp=TBMG/tpid=YYlGtQADCzBZAQAz
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=778027257/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol
H2
Server
18.233.246.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-233-246-214.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.37.213
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
via
1.1 varnish
server
Varnish
x-timer
S1636386491.769354,VS0,VE0
x-served-by
cache-yul12822-YUL
x-cache
HIT
location
https://sync.crwdcntrl.net/map/c=1811/tp=TBMG/tpid=YYlGtQADCzBZAQAz
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
tpid=3101355994236352031
sync.crwdcntrl.net/map/c=10915/tp=TRNN/ Frame 6145
Redirect Chain
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/5570d12073d005d655e3b9671c26cbf9/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D
  • https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3101355994236352031
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3101355994236352031
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=778027257/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol
H2
Server
18.233.246.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-233-246-214.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.37.156
content-type
image/gif
content-length
49
expires
0

Redirect headers

location
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3101355994236352031
pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
qmap
sync.crwdcntrl.net/ Frame 6145
Redirect Chain
  • https://sync.mathtag.com/sync/img?sync=auto&mt_exid=10040&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D4735%26tp%3DMDMA%26tpid%3D%5BMM_UUID%5D
  • https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=47ba6189-46b6-4f00-a922-0724bc220c16
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=47ba6189-46b6-4f00-a922-0724bc220c16
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=778027257/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol
H2
Server
18.233.246.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-233-246-214.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:10 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.36.172
content-type
image/gif
content-length
49
expires
0

Redirect headers

Date
Mon, 08 Nov 2021 15:48:10 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x11 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=47ba6189-46b6-4f00-a922-0724bc220c16
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 15:48:09 GMT
image.sbxx
ib.mookie1.com/ Frame 6145
Redirect Chain
  • https://global.ib-ibi.com/image.sbxx?go=262106&pid=420&xid=5570d12073d005d655e3b9671c26cbf9
  • https://ib.mookie1.com/image.sbxx?go=262106&pid=420&xid=5570d12073d005d655e3b9671c26cbf9
120 B
982 B
Image
General
Full URL
https://ib.mookie1.com/image.sbxx?go=262106&pid=420&xid=5570d12073d005d655e3b9671c26cbf9
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=778027257/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol
HTTP/1.1
Server
64.58.232.180 , United States, ASN13649 (ASN-VINS, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
42b601bc0d93dfca6e350b46d113bf8e7ff9e40a87a0c57ab9b3c9c219062423

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 15:48:10 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3p
CP=\"DSP COR ADM DEV PSA PSD OUR\", CP="DSP COR ADM DEV PSA PSD OUR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
X-Server
LAS14
Content-Type
image/png
Content-Length
120
Expires
-1

Redirect headers

Date
Mon, 08 Nov 2021 15:48:10 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Location
https://ib.mookie1.com:443/image.sbxx?go=262106&pid=420&xid=5570d12073d005d655e3b9671c26cbf9
p3p
CP="DSP COR ADM DEV PSA PSD OUR"
Access-Control-Allow-Origin
*
Cache-Control
private
X-Server
LAS12
Content-Type
text/html; charset=utf-8
Content-Length
217
tpid=aec29ca0-3c0f-4554-9025-2ee595f559f2
sync.crwdcntrl.net/map/c=10158/tp=TPAD/ Frame 6145
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=5570d12073d005d655e3b9671c26cbf9&gdpr=0&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftp...
  • https://dpm.demdex.net/ibs:dpid=540&dpuuid=aec29ca0-3c0f-4554-9025-2ee595f559f2&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DADB%26partner_device_id%3D%24%7BDD_UUID%7D...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_device_id=64726530674853989592561403219984982038&pt=aec29ca0-3c0f-4554-9025-2ee595f559f2%2Chttps%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2F...
  • https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=aec29ca0-3c0f-4554-9025-2ee595f559f2
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=aec29ca0-3c0f-4554-9025-2ee595f559f2
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=778027257/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol
H2
Server
18.233.246.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-233-246-214.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:11 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.47.116
content-type
image/gif
content-length
49
expires
0

Redirect headers

location
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=aec29ca0-3c0f-4554-9025-2ee595f559f2
date
Mon, 08 Nov 2021 15:48:11 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
usermatch.gif
beacon.krxd.net/ Frame 6145
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=lotame&partner_uid=5570d12073d005d655e3b9671c26cbf9
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=778027257/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.156.89.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-89-184.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:10 GMT
cache-control
private, no-cache, no-store
x-request-time
D=33 t=1636386490
x-served-by
beacon-n005-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
match
ps.eyeota.net/ Frame A012
Redirect Chain
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent=
  • https://a.audrte.com/a?adform_uid=4632481810353762187
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=&google_gid=CAESEBgzdWek5j7WERnJEKP6-L4&google_cver=1
  • https://ps.eyeota.net/match?bid=kh51m51&uid=cilEvucxbC8TKWVP5WiP8KMYQ&gdpr=0&gdpr_consent=
0
344 B
Image
General
Full URL
https://ps.eyeota.net/match?bid=kh51m51&uid=cilEvucxbC8TKWVP5WiP8KMYQ&gdpr=0&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
34.197.192.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-192-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:11 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Date
Mon, 08 Nov 2021 15:48:10 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://ps.eyeota.net/match?bid=kh51m51&uid=cilEvucxbC8TKWVP5WiP8KMYQ&gdpr=0&gdpr_consent=
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
p
a.audrte.com/ Frame A012
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=cilEvucxbC8TKWVP5WiP8KMYQ&gdpr=0&gdpr_consent=
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=cilEvucxbC8TKWVP5WiP8KMYQ&gdpr=0&gdpr_consent=&google_gid=CAESEBgzdWek5j7WERnJEKP6-L4&google_cver=1
  • https://a.audrte.com/p
68 B
617 B
Image
General
Full URL
https://a.audrte.com/p
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Server
34.206.192.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-206-192-53.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:10 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Mon, 08 Nov 2021 15:48:10 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
pixel
ps.eyeota.net/ Frame A012
1 KB
1 KB
Image
General
Full URL
https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=cilEvucxbC8TKWVP5WiP8KMYQ&gdpr=0&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.197.192.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-192-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:11 GMT
Content-Length
1241
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
SPug
simage4.pubmatic.com/AdServer/ Frame 719F
0
128 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=156212&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.114 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 15:48:09 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
usync.js
eus.rubiconproject.com/ Frame CE68
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.244.44 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-244-44.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
53ae292e0af77f3d8caa3e6cff97711182c63f2389e1c253387301a3647d2d4d

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Nov 2021 21:03:19 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=62602
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9511
Expires
Tue, 09 Nov 2021 09:11:34 GMT
pixel.gif
px.moatads.com/ Frame B1D3
43 B
260 B
Image
General
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:12 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 08 Nov 2021 15:48:12 GMT
pixel.gif
px.moatads.com/ Frame B1D3
43 B
260 B
Image
General
Full URL
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:12 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 08 Nov 2021 15:48:12 GMT
ptmd
dt.clnmde.com/
70 B
330 B
Image
General
Full URL
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.217.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-217-109.compute-1.amazonaws.com
Software
/ Express
Resource Hash
c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 08 Nov 2021 15:48:13 GMT
x-powered-by
Express
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age
1800
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
image/gif
ptmdP
dt.clnmde.com/
7 B
328 B
Ping
General
Full URL
https://dt.clnmde.com/ptmdP
Requested by
Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.217.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-217-109.compute-1.amazonaws.com
Software
/ Express
Resource Hash
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Request headers

Referer
https://securityaffairs.co/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 08 Nov 2021 15:48:15 GMT
vary
Accept-Encoding
x-powered-by
Express
etag
W/"7-Jgyp3YpFd/wAt71YECmAdg"
access-control-max-age
1800
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length
7
img
pixel.mathtag.com/misc/ Frame 1D3B
43 B
502 B
Image
General
Full URL
https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.211 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-211.deploy.static.akamaitechnologies.com
Software
MT3 4067 88cc6bf master ord-pixel-x19 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:16 GMT
Server
MT3 4067 88cc6bf master ord-pixel-x19 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:15 GMT
img
pixel.mathtag.com/misc/ Frame 3D7F
43 B
502 B
Image
General
Full URL
https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=1
Requested by
Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=47ba6189-46b6-4f00-a922-0724bc220c16&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.211 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-211.deploy.static.akamaitechnologies.com
Software
MT3 4067 88cc6bf master ord-pixel-x18 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pixel.mathtag.com/sync/iframe?mt_uuid=47ba6189-46b6-4f00-a922-0724bc220c16&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:16 GMT
Server
MT3 4067 88cc6bf master ord-pixel-x18 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:15 GMT
img
pixel.mathtag.com/misc/ Frame 3D7F
43 B
497 B
Image
General
Full URL
https://pixel.mathtag.com/misc/img?mop_seq=1:1&mt_cb=125317&check=47ba6189-46b6-4f00-a922-0724bc220c16&mop_top=&final&timings=0:100|0:848|10000:1237|&errors=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.211 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-211.deploy.static.akamaitechnologies.com
Software
MT3 4067 88cc6bf master iad-pixel-x32 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pixel.mathtag.com/sync/iframe?mt_uuid=47ba6189-46b6-4f00-a922-0724bc220c16&no_iframe=1&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10&mt_lim=12&source=mathtag
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 15:48:16 GMT
Server
MT3 4067 88cc6bf master iad-pixel-x32 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 15:48:15 GMT
pixel.gif
px.moatads.com/ Frame B1D3
43 B
260 B
Image
General
Full URL
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:17 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 08 Nov 2021 15:48:17 GMT
pixel.gif
px.moatads.com/ Frame B1D3
43 B
260 B
Image
General
Full URL
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:22 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 08 Nov 2021 15:48:22 GMT
pixel.gif
px.moatads.com/ Frame B1D3
43 B
260 B
Image
General
Full URL
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 15:48:22 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 08 Nov 2021 15:48:22 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=4e9fb397a60a1f94ccb51524dee6bbf2
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=4e9fb397a60a1f94ccb51524dee6bbf2
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Domain
ice.360yield.com
URL
https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ZHMOgpMYU4Sy97VUWlx8FiFMQ8P0lOmI-7p-N1WlPw&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F434%2F916%2F1%2F9.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=


169 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


347 Cookies

Domain/Path Name / Value
Value: 961AF1076BCA42258C4489EC777AF824
.bidswitch.net/ Name: tuuid
Value: 85c87065-7ef7-4b17-88e8-8c602c265f67
.bidswitch.net/ Name: c
Value: 1636386486
.bidswitch.net/ Name: tuuid_lu
Value: 1636386486
.id5-sync.com/ Name: callback
Value:
.pubmatic.com/ Name: KRTBCOOKIE_107
Value: 1471-uid:XuW5Oh981MK6Sp5
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:47ba6189-46b6-4f00-a922-0724bc220c16&KRTB&16736-uid:47ba6189-46b6-4f00-a922-0724bc220c16&KRTB&23019-uid:47ba6189-46b6-4f00-a922-0724bc220c16&KRTB&23114-uid:47ba6189-46b6-4f00-a922-0724bc220c16
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-3101355994236352031
.mathtag.com/ Name: mt_mop
Value: 9:1636386486
.pubmatic.com/ Name: KRTBCOOKIE_148
Value: 19421-uid:961AF1076BCA42258C4489EC777AF824
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEHWrEwm--yYmr12Y-k6SOYA&KRTB&16514-CAESEHWrEwm--yYmr12Y-k6SOYA&KRTB&23025-CAESEHWrEwm--yYmr12Y-k6SOYA
.tapad.com/ Name: TapAd_TS
Value: 1636386486147
.tapad.com/ Name: TapAd_DID
Value: aec29ca0-3c0f-4554-9025-2ee595f559f2
.richaudience.com/ Name: pdid
Value: 3f14f7ee-db42-4bb0-854a-1zz1636386486
.securityaffairs.co/ Name: __gads
Value: ID=44d3cab990c74070-2250721568cc00e3:T=1636386486:RT=1636386486:S=ALNI_MaQSW6K3K3reVCVbEM_-lhKvQGOzA
beacon.lynx.cognitivlabs.com/ Name: UID
Value: d94a373b-c211-44ba-8717-a80e29e0f3e1
beacon.lynx.cognitivlabs.com/ Name: ss
Value: kpa%2B0CmTJxHhNno62K%2Bfp1iKHRZeBvm%2BZXFVjArGjHzs8CxeHBoFVGHSXjj02wA6hzsy3bgW%2FnPAYl0B34cQMQ%3D%3D
.weborama.fr/ Name: AFFICHE_W
Value: jYVZxQZRtwiN41
.go.sonobi.com/ Name: __uqc
Value: 1
.go.sonobi.com/ Name: __uin_tp
Value: 1
.go.sonobi.com/ Name: __uir_tp
Value: 1
.go.sonobi.com/ Name: __uin_iq
Value: 1
.go.sonobi.com/ Name: __uir_iq
Value: 1
.go.sonobi.com/ Name: __uin_i5
Value: 1
.go.sonobi.com/ Name: __uir_i5
Value: 1
.tidaltv.com/ Name: tidal_ttid
Value: 23353786-7d43-4f07-83ef-59f3a06c3bb5
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSsjS3MDe1AGIDYyNjc0MLEzMhPkPdIovgoMwC33jv8PxEKV5DM2MzYwszEwszIyNzACKMrSozAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSsjS3MDe1AGIDYyNjc0MLEzMhPkPdIovgoMwC33jv8PxEAAQoxcEkAAAA
.sharethrough.com/ Name: stx_user_id
Value: 76c2086f-ea18-48df-9400-9341ac1d465a
.ipredictive.com/ Name: cu
Value: 43ca9dab-40ab-11ec-9d66-2b2cac59886f|1636386486258
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-4632481810353762187&KRTB&23263-4632481810353762187
.quantserve.com/ Name: mc
Value: 618946b6-4284c-10972-27171
.amazon-adsystem.com/ Name: ad-id
Value: Awal5x0d50b7lmhRXn0XaIg
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.pubmatic.com/ Name: KRTBCOOKIE_286
Value: 5193-Q6896728851048605046&KRTB&22521-Q6896728851048605046
.fwmrm.net/ Name: _uid
Value: "a121_7028226440986617699"
event.clientgear.com/ Name: mkuuid
Value: mk3b3536ea-2edf-49ca-9ae0-72ccb4dd4411
.pubmatic.com/ Name: KRTBCOOKIE_32
Value: 11175-AAAGdRmRckESgQMeIAmPAAAAAAA&KRTB&22713-AAAGdRmRckESgQMeIAmPAAAAAAA&KRTB&22715-AAAGdRmRckESgQMeIAmPAAAAAAA
.tidaltv.com/ Name: sync-his
Value: "H4sIAAAAAAAAADM0sjQ2sDK0MAIAIsPoYwkAAAA="
.pippio.com/ Name: did
Value: INmdfJP-gwKc6esZ
.pippio.com/ Name: didts
Value: 1636386486
.pippio.com/ Name: nnls
Value:
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 19420-U88XBlHITQlIyh0HUZ0CDlXHGA1IzBgOUs8nyYch&KRTB&22979-U88XBlHITQlIyh0HUZ0CDlXHGA1IzBgOUs8nyYch
.crwdcntrl.net/ Name: _cc_dc
Value: 0
.crwdcntrl.net/ Name: _cc_id
Value: 5570d12073d005d655e3b9671c26cbf9
.pubmatic.com/ Name: KRTBCOOKIE_279
Value: 22890-43ca9dab-40ab-11ec-9d66-2b2cac59886f&KRTB&23011-43ca9dab-40ab-11ec-9d66-2b2cac59886f
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: pbw
Value: %24b%3d16950%3b%24o%3d11100
.doubleclick.net/ Name: IDE
Value: AHWqTUmSJPiXhQ4fIzeR3Y7Qahu0PyDrOrsCLwviPSXuVp_nQsKlkIZRlcbXLXgGd6s
.adfarm1.adition.com/ Name: UserID1
Value: 7028226440993372315
.pubmatic.com/ Name: KRTBCOOKIE_1199
Value: 23175-000000885342A08A
.pubmatic.com/ Name: KRTBCOOKIE_188
Value: 3189-c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341
.id5-sync.com/ Name: id5
Value: 45747faf-8744-3fe7-8abc-2462ef552e81#1636386478674#3
.go.sonobi.com/ Name: __uin_zt
Value: 978758875032371846
.go.sonobi.com/ Name: __uin_mm
Value: 47ba6189-46b6-4f00-a922-0724bc220c16
rt.idx.lat/ Name: _idx3p
Value: {"ridx":"1ca6e2b72efdae5feddd8c6c76ece60d408410aedfdfdb408c27db696c52b03f"}
.contextweb.com/ Name: V
Value: H8Pc5X87Q0ue
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: ef99ae9561308991
.bluekai.com/ Name: bkdc
Value: phx
.bluekai.com/ Name: bkpa
Value: KJy50nWvy09DxBsF1jrJKDG6Q8uVWii51yKMnIteoOPN052UY7KT7Y8Eyxb1Pw3066caiGSYaxTxMeazShZTzkFQb2SFUwAOHyI2DmYqC/su4jzu18BUOkwBh5QZnYb2Lmh7bf2chUhIwJBEoLeA7RaSqL2k7C2NCdilXx4sl0MD
.bluekai.com/ Name: bku
Value: rtT99njsiVWcB5xQ
.groovinads.com/ Name: GRV_IDU
Value: 1636386490782174
.groovinads.com/ Name: GRV_RT
Value: 0a2e2888-773d-4afd-bf1b-4c6e9c21042c
.go.sonobi.com/ Name: __uin_td
Value: bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
.sportradarserving.com/ Name: zuuid
Value: 969ab515-771e-4a36-b33b-f48fc2378c18
.sportradarserving.com/ Name: c
Value: 1636386486
.sportradarserving.com/ Name: zuuid_lu
Value: 1636386486
.krxd.net/ Name: _kuid_
Value: OeEHC_iZ
.intentiq.com/ Name: IQver
Value: 1.9
.intentiq.com/ Name: intentIQ
Value: XnxJeeNw8N
.pubmatic.com/ Name: KRTBCOOKIE_52
Value: 22772-R1B331_E63D087A_53B0049B&KRTB&23092-R1B331_E63D087A_53B0049B
.mathtag.com/ Name: mt_misc
Value: mt_bt:1
.mookie1.com/ Name: id
Value: 10600910574261568507
.mookie1.com/ Name: mdata
Value: 1|10600910574261568507|1636386486513
.mookie1.com/ Name: ov
Value: 75fe98e8439fffb0366fcc3bdcc818e7
.adstanding.com/ Name: _adstanding_id
Value: 3195ec6e475b4ca1064afc2e5639af18
.demdex.net/ Name: demdex
Value: 64726530674853989592561403219984982038
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2Ilgjz=RP!]tb`8i_iqf!oN/@E'zz<*Z0Qf%WE_Zm0`3F7tI`nnrm!@+:!pZkMC-bm@d+/X%W#.wL4W1Qw1DAw!/!
.smartadserver.com/ Name: pid
Value: 4168224421957587973
.smartadserver.com/ Name: pdomid
Value: 24
.sportradarserving.com/ Name: zuuid_k
Value: 1
.sportradarserving.com/ Name: zuuid_k_lu
Value: 1636386486
.lijit.com/ Name: ljtrtbexp
Value: eJxlkDkSAyEMBP9C7AAJdPlrLv99y3gT9YYtoGfEZ8h4iy%2FfoZn%2BGnowrHz%2B0L3z6hjS2ebERCZe%2FIVeJXrOEVhV8ZgknCiVyEi0zA02MH1ooPQVGiJf7x23lh%2BOvvNC3oZ%2Fw2%2B4b%2FyP2Rt%2BL6EhXTc%3D
.go.sonobi.com/ Name: __uin_pp
Value: H8Pc5X87Q0ue
.go.sonobi.com/ Name: __uin_bw
Value: 85c87065-7ef7-4b17-88e8-8c602c265f67
.intentiq.com/ Name: intentIQCDate
Value: 1636386486633
.intentiq.com/ Name: IQAppnexusCookieSync
Value: 1636386486633
.go.sonobi.com/ Name: __uin_eb
Value: CAESELkQjHna8jnu1s_Adycsk7c||1
.dpm.demdex.net/ Name: dpm
Value: 64726530674853989592561403219984982038
.doubleclick.net/ Name: DSID
Value: NO_DATA
.linksynergy.com/ Name: rmuid
Value: 24055759-e17a-4501-ab3c-6739b9b4c477
.linksynergy.com/ Name: icts
Value: 2021-11-08T15:48:06Z
.richaudience.com/ Name: avcid-sma-uid
Value: 4168224421957587973
.pubmatic.com/ Name: KRTBCOOKIE_466
Value: 16530-85c87065-7ef7-4b17-88e8-8c602c265f67
.33across.com/ Name: 33x_ps
Value: u%3D118767487923505%3As1%3D1636386486784%3Ats%3D1636386486784
.casalemedia.com/ Name: CMRUM3
Value: 03618946b6276047ba6189-46b6-4f00-a922-0724bc220c16&f1618946b505a0&05618946b505a00&2e618946b505a0&08618946b505a0&27618946b50b40&39618946b62760978758875032371846&e6618946b52760&2d618946b62760CAESEI3JkYmOSl7hSERwyzWj0WI
.gumgum.com/ Name: vst
Value: u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306
.mfadsrvr.com/ Name: tuuid
Value: 26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
.mfadsrvr.com/ Name: c
Value: 1636386486
.lijit.com/ Name: _ljtrtb_85
Value: AACqDk7DEo0AABkfKQPxKQ
.postrelease.com/ Name: visitor
Value: 789d06c7-a154-4038-be75-24adf78e8e7e
.postrelease.com/ Name: status
Value: 1
.lijit.com/ Name: _ljtrtb_10
Value: 978758875032371846
.intentiq.com/ Name: IQOpenxPrimisCookieSync
Value: 1636386487007
.intentiq.com/ Name: ASDT
Value: 0
.tynt.com/ Name: uid
Value: hPS7qGGJRrcR45bsJK7TYw==
.lijit.com/ Name: _ljtrtb_43
Value: rqv37KysreO1rv3trPni5Kij-Oe1qPjkr6scz64_
.lijit.com/ Name: _ljtrtb_27
Value: bef21cd7-0fed-4f87-bc0f-da97b65f7cb9
.lijit.com/ Name: _ljtrtb_49
Value: H8Pc5X87Q0ue
.lijit.com/ Name: _ljtrtb_66
Value: 620923216780
.lijit.com/ Name: _ljtrtb_80
Value: KVQU9H03-1P-5D30
.lijit.com/ Name: _ljtrtb_90
Value: 789d06c7-a154-4038-be75-24adf78e8e7e
.lijit.com/ Name: _ljtrtb_2
Value: 961AF1076BCA42258C4489EC777AF824
.lijit.com/ Name: _ljtrtb_12
Value: 6624566760367890375
.postrelease.com/ Name: ver
Value: 1
.media.net/ Name: data-sov
Value: f184a978f0e8c2d1833e39ce~~3
.mfadsrvr.com/ Name: tuuid_lu
Value: 1636386487
.lijit.com/ Name: _ljtrtb_1
Value: 3101355994236352031
.creative-serving.com/ Name: tuuid
Value: acaccc5b-16df-46aa-89a5-cf714a54628c
.creative-serving.com/ Name: c
Value: 1636386487
.creative-serving.com/ Name: tuuid_lu
Value: 1636386487
.w55c.net/ Name: matchmedianet
Value: 5
.media.net/ Name: data-rk
Value: 978758875032371846~~8
.criteo.com/ Name: uid
Value: 551ef6f7-5dc1-4e5f-9bfd-d061d6f90f5b
.lijit.com/ Name: _ljtrtb_3
Value: 47ba6189-46b6-4f00-a922-0724bc220c16
.lijit.com/ Name: _ljtrtb_16
Value: c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341
.creativecdn.com/ Name: ts
Value: 1636386487
.creativecdn.com/ Name: u
Value: tQ69bRhylMgWIwynDRVw
.lijit.com/ Name: _ljtrtb_87
Value: 26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
.openx.net/ Name: univ_id
Value: 537072971|bef21cd7-0fed-4f87-bc0f-da97b65f7cb9|1636386487561571
.mookie1.com/ Name: syncdata_IOW
Value: 1
.zemanta.com/ Name: zuid
Value: P5m7GJPyKk1ysTdwS0Ap
.intentiq.com/ Name: IQSpotXPrimisCookieSync
Value: 1636386487591
.id5-sync.com/ Name: cf
Value:
.id5-sync.com/ Name: cip
Value:
.id5-sync.com/ Name: cnac
Value:
.id5-sync.com/ Name: car
Value:
.id5-sync.com/ Name: gdpr
Value:
.lijit.com/ Name: _ljtrtb_5001
Value: 5570d12073d005d655e3b9671c26cbf9
.acuityplatform.com/ Name: aum
Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqANvqNdXNlck1hdGNoaW5nSWTMkWxhc3REcm9wVGltZU1pbGxpcyUBPkAHQzWomGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAT5AB0M1qI90aGlyZFBhcnR5VXNlcklkIfuBMjf6QiS2QyUBPkAHQ2qyRCUBPkAHQ2qyRVdmMTg0YTk3OGYwZThjMmQxODMzZTM5Y2X7+4Z2ZXJzaW9uwvs="
.mfadsrvr.com/ Name: bsw_uid
Value: 85c87065-7ef7-4b17-88e8-8c602c265f67
.media.net/ Name: data-c-ts
Value: 1636386487
.owneriq.net/ Name: gguuid
Value: 1
.media.net/ Name: data-ttd
Value: bef21cd7-0fed-4f87-bc0f-da97b65f7cb9~~1
.media.net/ Name: data-xu
Value: XuW5Oh981MK6Sp5~~8
.lijit.com/ Name: _ljtrtb_84
Value: c:78971647e6cca795f33714a1b8203b60
.media.net/ Name: data-so
Value: f3bb0ca7-bd05-4942-8f6c-d6a9657e2b3f~~8
.media.net/ Name: data-mf
Value: 26295e74-e49e-4fdb-bc3c-d6eea2adfd9f~~1
.lijit.com/ Name: _ljtrtb_76
Value: dec5acbb-67d2-481e-962f-fc99d17f6548
.advertising.com/ Name: APID
Value: UP44b8ce41-40ab-11ec-bb7b-02c4b955a223
.lijit.com/ Name: _ljtrtb_83
Value: KVQU9H03-1P-5D30
.media.net/ Name: data-g
Value: CAESEBzLc6tc-k1Nt0oO8k_EncU~~8
.media.net/ Name: data-amb
Value: 3101355994236352031~~8
.contextweb.com/ Name: pb_rtb_ev
Value: 3-1acy|4is.0.CAESENGwBjvJMhZSVJM7jnumHSc|7bq.0.1|7LJ.0.2ea308b6-caf9-46ef-bcb9-6e411187dfed|7dW.0.1
.deepintent.com/ Name: CDIPARTNERS
Value: %7B%22142%22%3A%2220211108%22%7D
.media.net/ Name: data-c
Value: 5cba545f-43f7-4e60-9846-afe9aa88eb6c~~1
.betweendigital.com/ Name: dc
Value: was1
.betweendigital.com/ Name: tuuid
Value: fb460195-fc0b-5338-9e17-7d70ff9e3bc7
.betweendigital.com/ Name: ss
Value: 1
.spotxchange.com/ Name: audience
Value: 44cea979-40ab-11ec-a825-15e8696a0103
.lijit.com/ Name: _ljtrtb_86
Value: tQ69bRhylMgWIwynDRVw
.lijit.com/ Name: _ljtrtb_36
Value: u_d4d7bffb-5e3e-4ba9-9b01-d2554f1b5306
.pubmatic.com/ Name: DPSync3
Value: 1637539200%3A197_219_221_228_236_201%7C1636934400%3A164%7C1636416000%3A174
.pubmatic.com/ Name: SyncRTB3
Value: 1638921600%3A224%7C1636761600%3A216%7C1637625600%3A35%7C1637539200%3A81_54_3_233_99_176_104_8_48_234_22_21_165_204_57_238_166_7_222_220_96_189_71_13_231_5_55_56_178%7C1636934400%3A223_15_2_38%7C1637193600%3A63%7C1641513600%3A69
.technoratimedia.com/ Name: tads_uid_cd
Value: 20211108104808-0500
.technoratimedia.com/ Name: tads_zora
Value: 2
.360yield.com/ Name: tuuid_lu
Value: 1636386488
.technoratimedia.com/ Name: tads_uid
Value: C1885AA0E2F44867B9B646ED34305A2C
.rlcdn.com/ Name: rlas3
Value: dFKIJ4vtIECivxgTeOmRwvF1kNpcqRg5iwZlicsIAJA=
.360yield.com/ Name: tuuid
Value: f01c79f3-9500-4d87-8696-09efc50af0a6
.emxdgt.com/ Name: uid
Value: 76091636386488213196a6
.lijit.com/ Name: _ljtrtb_56
Value: RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005
.mookie1.com/ Name: syncdata_TAP
Value: 1
.liadm.com/ Name: lidid
Value: e8a522ba-ae4c-4000-a288-b0f0fb28dc1d
.emxdgt.com/ Name: apn_id
Value: 6624566760367890375
.retargetly.com/ Name: _rlmp1
Value: 2|6624566760367890375|1636386486&&9|FaFD/999999Bv/kC|1636386486&&10|47ba6189-46b6-4f00-a922-0724bc220c16|1636386486&&11|CAESEKgazWiIrb2mZb9McGEYrBU|1636386486&&13||1636386486&&14||1636386486&&15||1636386486&&22|y-XkdWwu9E2oJh_i0Gm78c9IFaYeXUGvQ9OUU-~A|1636386486&&23|c5a8c34f-a2af-431f-bc5a-09806d7b694f-618946b5-4341|1636386486&&24||1636386486&&27||1636386486&&39||1636386486&&51|0a2e2888-773d-4afd-bf1b-4c6e9c21042c|1636386486&&63||1636386486
.outbrain.com/ Name: obuid
Value: 653cf3ac-b809-432a-b63d-a5cfcbf98518
.tynt.com/ Name: pids
Value: %5B%7B%22p%22%3A%22af668bdd51%22%2C%22f%22%3A1%2C%22ts%22%3A1636386488191%7D%2C%7B%22p%22%3A%227daaa56bb0%22%2C%22f%22%3A1%2C%22ts%22%3A1636386487120%7D%2C%7B%22p%22%3A%227912d88d74%22%2C%22f%22%3A1%2C%22ts%22%3A1636386488191%7D%2C%7B%22p%22%3A%22bac1bc34e2%22%2C%22f%22%3A1%2C%22ts%22%3A1636386487120%7D%2C%7B%22p%22%3A%22039cc98e54%22%2C%22f%22%3A1%2C%22ts%22%3A1636386488375%7D%2C%7B%22p%22%3A%223bfd58deb3%22%2C%22f%22%3A1%2C%22ts%22%3A1636386488191%7D%2C%7B%22p%22%3A%22029cc11ae7%22%2C%22f%22%3A1%2C%22ts%22%3A1636386488191%7D%2C%7B%22p%22%3A%226acf501833%22%2C%22f%22%3A1%2C%22ts%22%3A1636386488375%7D%2C%7B%22p%22%3A%226db3fb8a85%22%2C%22f%22%3A1%2C%22ts%22%3A1636386488191%7D%2C%7B%22p%22%3A%22002f98d420%22%2C%22f%22%3A1%2C%22ts%22%3A1636386488375%7D%2C%7B%22p%22%3A%2224c05c7b76%22%2C%22f%22%3A1%2C%22ts%22%3A1636386487120%7D%2C%7B%22p%22%3A%22725d221570%22%2C%22f%22%3A1%2C%22ts%22%3A1636386488375%7D%2C%7B%22p%22%3A%22d26852f088%22%2C%22f%22%3A1%2C%22ts%22%3A1636386487120%7D%2C%7B%22p%22%3A%2222833ea406%22%2C%22f%22%3A1%2C%22ts%22%3A1636386487120%7D%2C%7B%22p%22%3A%22f9a4a8fd15%22%2C%22f%22%3A1%2C%22ts%22%3A1636386487120%7D%2C%7B%22p%22%3A%22008c314e8f%22%2C%22f%22%3A1%2C%22ts%22%3A1636386488191%7D%5D
.quantserve.com/ Name: d
Value: EK4BGAHWJPijCJiTDNjIEA
.lijit.com/ Name: _ljtrtb_26
Value: 85c87065-7ef7-4b17-88e8-8c602c265f67
.cpx.to/ Name: cpSess
Value: 6bc563bc25ec1fdb
.cpx.to/ Name: dsp_OPENX
Value: f2165e68-b1ce-4e1c-b305-b293a8594598#1636386488385
.lijit.com/ Name: ljtrtb
Value: eJx1UktPm0EM%2FC8515J31481txBAVFFFglTKDX37aoGKivAqrfrf6%2B29B1%2Fs8Xg89u%2BVyOpoJREtphhEM64%2BrEKcOYnEIiqYPG2YlL3EE355DctgqdIKkOUBFEcFS2LQiZbYSg0WCRBnS5otLzeNmpYxCnBPHagsBlYwQIvMNELhhDIHIAbHMyu2EFFTc5Ym7F3FREONUsswR8bJm7lmRWHQPtRZg0LOPUOugtGxPETnRhNbeck10YAlLq45hQHFc4CWUVycmNckZCMp7HUK3knmned5V%2Fk66x5f%2Bpysnit9xFCbAo7egEZWZ8MBbTGn4qG1TJVzmRQwJGYzikkSR0yTeZpsEtZnAVWON2uKkfOGKNvpRlXXZznStM9hpGWZwsCVic9ChMViBNRIpcaINUzvDB3rt2ooVWEJTECYMpSuDJGWNtS96Tp3yBO7vdp%2FtnNMEHbAJ2nePqf%2F5Gk6eOTsGoS0S62LGo%2BUNNASSvativxDsiPX683jyb2enP7A9fr4fmz3u5%2Fb%2FazOSzzvxcrlt%2Ffvn75%2B%2Bfj2%2FnByefU2vZqaTLNy9sAUnTvT3IymqsPja9Lt%2B9OhX4TDa3o%2B7B5ueXt7Bxc9PO7u7g%2FyVH8J3The55TW%2Fbq1FBBtESiHDiZxwKhmLegQpjwVzWtGicZdyR%2FY%2FDuHf3apqUKT3v1d2mg2Vn%2F%2BArG1yHM%3D
.rlcdn.com/ Name: pxrc
Value: CLiNpYwGEgUI6EcQAA==
.betweendigital.com/ Name: ut
Value: YYlGuAAHM8B14Ma1irok39x0t3zMP1z_l7jLaw==
.w55c.net/ Name: matchopenx
Value: 5
.media.net/ Name: data-bs
Value: 85c87065-7ef7-4b17-88e8-8c602c265f67~~1
.server.cpmstar.com/ Name: USER_ID
Value: %2b%aa%b4w%9d%8a%81%27%19%f9i%f3g%cb%12
.yahoo.com/ Name: APID
Value: UP44b8ce41-40ab-11ec-bb7b-02c4b955a223
.socdm.com/ Name: SOC
Value: YYlGuMCo8XsAAEen3NwAAAAA
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-af56c6db-498f-42fc-9369-e44a2dbc1924-005%22%2C%22nxtrdr%22%3Afalse%7D
.pippio.com/ Name: pxrc
Value: CLaNpYwGEgQIAhAAEgUI3k4QAhIGCOzrARAA
.media.net/ Name: data-ze
Value: dc0acWdifNMAKMlxx4lt~~8
.mookie1.com/ Name: syncdata_NEU
Value: 1
.adsymptotic.com/ Name: U
Value: 6e89d44063c9dc34ed7aea95b573c19c
.intentiq.com/ Name: IQPubmaticCookieSync
Value: 1636386489095
ads.playground.xyz/ Name: connect.sid
Value: s%3AE_nxIyLXTYlSkqsbWm_XeJRfeEhL338N.p3ZehTXIL4%2Fep4HUr0KIuvO85gHl8xqRmnO6vCnhwiw
.fiftyt.com/ Name: fifid
Value: c061a073-d75c-49a7-77b9-0d70093ca751
.fiftyt.com/ Name: cs
Value: MTYzNjM4NjQ4OXxEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fPpnZxn04Kfmu6ZxGXgLjwKQuSiyBx106Y8U6Pkq5KZK
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAANvFyGtoZmxmbGFmYmFhYmhwCIlvbm5s9AuJb2ZkZL6KBUne1NRylSiSvKmZySoxJPOMLA1fIfEtDS2NAW-ur7pwAAAA
.lijit.com/ Name: _ljtrtb_71
Value: 909D4247-195C-4A1C-B725-510C1A2C19E4
io.narrative.io/ Name: io.narrative.guid.v2
Value: 458b38e0-40ab-11ec-b070-0a4515f2e365
.openx.net/ Name: pd
Value: v2|1636386486.1.2|iKbwuYvPvMgahEgKkWg2f8gy.g6mmvIfYn8mKvJeSvuoqvRke.hMs7vVhAlwvZnof4csvU
.pubmatic.com/ Name: pi
Value: 156872:3
e.serverbid.com/ Name: azk
Value: ue1-sb1-aac4b4ad-72e2-4304-9ea7-b6e578416ced
.fiftyt.com/ Name: fppm
Value: 20211108154809
.mfadsrvr.com/ Name: ssh
Value: !outbrain,1636386489!bidswitch,1636386487!google,1636386487!medianet,1636386487!sovrn,1636386487
.casalemedia.com/ Name: CMST
Value: YYlGtWGJRrkA
.sitescout.com/ Name: _ssuma
Value: eyI1NyI6MTYzNjM4NjQ4NjI5NSwiMyI6MTYzNjM4NjQ4Njg0MSwiNCI6MTYzNjM4NjQ4NTcyNywiNDgiOjE2MzYzODY0ODcyMzMsIjM5IjoxNjM2Mzg2NDg1NzI3LCI3IjoxNjM2Mzg2NDg2ODQxLCI2MCI6MTYzNjM4NjQ4OTMzMCwiNjQiOjE2MzYzODY0ODc4MDN9
.analytics.yahoo.com/ Name: IDSYNC
Value: "192m~21f3:18z8~21f3:192w~21f3:190u~21f3:18wq~21f3:18za~21f3:18yx~21f3:192i~21f3"
.yahoo.com/ Name: APIDTS
Value: 1636386489
.zemanta.com/ Name: obuid
Value: x6GjSS4Hc3J8eeGrV2Y86pVa6DEoT4nlDxD88HWhT8f95UEHpx0iva5rrLsFSylJ
.onaudience.com/ Name: cookie
Value: dd810367ff00673b
.onaudience.com/ Name: done_redirects147
Value: 1
.outbrain.com/ Name: criteo
Value: 551ef6f7-5dc1-4e5f-9bfd-d061d6f90f5b
.bttrack.com/ Name: GLOBALID
Value: 2uKlc8-sIBd987FnXwW7GuSDAIoCJyyHdHQ4nQ42IEMIvj9vcPC71YDNnR1UmI1TIWr2dvAaK5QC4TM1
.adsby.bidtheatre.com/ Name: __kuid
Value: 6137bad5-e581-42e8-a17f-612ea8692574.405600489
.outbrain.com/ Name: mdfrc
Value: 26295e74-e49e-4fdb-bc3c-d6eea2adfd9f
.outbrain.com/ Name: zmnta
Value: P5m7GJPyKk1ysTdwS0Ap
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 4
.outbrain.com/ Name: spotx
Value: 44cea979-40ab-11ec-a825-15e8696a0103
.adsrvr.org/ Name: TDCPM
Value: CAESFwoIcHVibWF0aWMSCwjs-cSApraROhAFEhUKBmNhc2FsZRILCKqkuoOmtpE6EAUSFAoFdGFwYWQSCwiAvIiGpraROhAFEhQKBW9wZW54EgsIsuv3jKa2kToQBRIYCgliaWRzd2l0Y2gSCwjA6rKepraROhAFEhUKBmdvb2dsZRILCJqLxJ6mtpE6EAUYASABKAIyCwia0bTRvLaROhAFOAFaB3hrc3c5bGFgAg..
.eyeota.net/ Name: SERVERID
Value: 20251~DM
.iprom.net/ Name: UID
Value: 123372137146826
.blismedia.com/ Name: b
Value: 618946B9DD460DF70859B28FBLIS
.pubmatic.com/ Name: KRTBCOOKIE_1277
Value: 23327-uid:123372137146826
.pubmatic.com/ Name: PugT
Value: 1636386489
.owneriq.net/ Name: p2
Value: oxc
.owneriq.net/ Name: oxc
Value: 1
.media.net/ Name: data-o
Value: 7a071be4-2666-48f3-b2dc-34511b21c8c6~~3
.dotomi.com/ Name: DotomiTest
Value: 105dec247a91122e
.intentiq.com/ Name: IQMediaMathCookieSync
Value: 1636386489640
.c.appier.net/ Name: _auid
Value: jrWsujeLCPKVSmSouUaJYQ
.onaudience.com/ Name: done_redirects104
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_904
Value: 16787-jrWsujeLCPKVSmSouUaJYQ&KRTB&23130-jrWsujeLCPKVSmSouUaJYQ
.pubmatic.com/ Name: KRTBCOOKIE_699
Value: 22727-AACqDk7DEo0AABkfKQPxKQ
.onaudience.com/ Name: done_redirects219
Value: 1
.intentiq.com/ Name: IQRubiconCookieSync
Value: 1636386489887
.intentiq.com/ Name: CSDT
Value: UEQ6MTUxMjBfMCZTb0Jpd1hIIzI0XzAmU29CaXdnNCMxMDEzOV8wJlNvQml2emIjMTUxMTVfMCZTb0JpdzkxIzEwMTQwXzAmU29CaXdrMw
.intentiq.com/ Name: IQPData
Value: 628673941#1636386489887#0#1636386486975
.mxptint.net/ Name: mxpim
Value: R1B331_E63D087A_53B0049B.1.618946B900000000618946B60000000000000000618946B9
.rubiconproject.com/ Name: audit
Value: 1|mFVHqHkj5bFWYKGYmT6XZFMG4C6D/t+3W6FWnAiXnYBXpHB1iuQwqipnqL2l6vjSvkLIEzAtXEXHfwxQWzBao80CX3DPloK/YostrgFGgxFxX00DCqFLDw==
.zeotap.com/ Name: zsc
Value: n%D3u%BB%18%2F%81%E0%15j%FC%BBh%0A%89%05%BD%3E%D7W%E4%B2%F4%9B%7F%8D%23%9A%81%D0%3AE%DA%14%FC%A2%AB%A5%EB%8A%40I%3E%5D%9E%E6%C3%A7%07.%1D%5DJ%FD%92U%B1%CFJy%18%EF-%0D%CF%11%40%DA%C0%D4%F9%95O%FB%AB%A7opapZZ%C7%F3%EAo%3C%0A%5C~%17%E3BUlKo%15Jw%C8%5C%2F%03H%02%25QI%CD%93X%9C%DA%0C%3CU%EC%23%90Z%ADG%E0%C8%22%95%C4%AF%0B%A0%B9%3B%02%25%DE%26fF%891%0D%91%E1%BB%21%03%8E%A3%EAV%D1S%1F%FE
.tribalfusion.com/ Name: ANON_ID
Value: acnuBsr2PKcFuYnRY672TrGNTZdvLns8lqCUHQetbihMt6E5PUZd3QYVRRhrfM15nsSF5QjquYFMLeXInemN6IVZcA4LBRVbXJKeKBVUs8vW61d
.mediarithmics.com/ Name: mics_vid
Value: 22332276496
.mediarithmics.com/ Name: mics_uaid
Value: web:1:e59d7acb-1cda-40eb-92a1-8ac6acc70d38
.mediarithmics.com/ Name: mics_lts
Value: 1636386490168
.id5-sync.com/ Name: 3pi
Value: 434#1636386479466#71922353|2#1636386479710#183278776#6624566760367890375|18#1636386483450#913954124|3#1636386480106#559880644#47ba6189-46b6-4f00-a922-0724bc220c16|19#1636386483660#1467334897#5570d12073d005d655e3b9671c26cbf9|264#1636386480703#1510925052#bef21cd7-0fed-4f87-bc0f-da97b65f7cb9|136#1636386482235#-168919181|108#1636386481575#-1058706102
.360yield.com/ Name: um
Value: !313,ZUzH0UNodkawcEHJbuW8SR0DazYhcb0wmITP3kkInfKPei8XS7EJiiLdbMF-lKq4z2Hxdq2MjZmraEH0,1644162490
.360yield.com/ Name: umeh
Value: !313,0,1698594490,-1
.crwdcntrl.net/ Name: _cc_cc
Value: "ACZ4XmNQMDU1N0gxNDIwN04xMDBNMTM1TTVOsjQzN0w2MktOSrNkAILETrddf%2F7%2F%2F88P4oAB%2F%2FFNU1gY92gx%2FGdkZLj89zacfe7oIWaY%2BKVTj9hg7N37LgvA2B8a7sPZhxfPgetdvf4pN0zN1ps3%2BGHsySfUYcx3SxDKexHCOz9awlT87urSgbGPbEQ4DACGhkun"
.crwdcntrl.net/ Name: _cc_aud
Value: "ABR4XmNgYGBI7HTbBaQggJmBgWsGiMmoNRtCzQJSAFeABBs%3D"
.admixer.net/ Name: am-uid
Value: 4531b6f0825142aea016f01dfd7f8c3e
prebidserver.pixfuture.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJhZG1peGVyb3BlbnJ0YiI6eyJ1aWQiOiI0NTMxYjZmMDgyNTE0MmFlYTAxNmYwMWRmZDdmOGMzZSIsImV4cGlyZXMiOiIyMDIxLTExLTIyVDE1OjQ4OjEwLjkyMDc0NDEzN1oifSwiZXBsYW5uaW5nIjp7InVpZCI6IkFPbHRxVEtzUmYzTFY1SnQiLCJleHBpcmVzIjoiMjAyMS0xMS0yMlQxNTo0ODowNS44NDM4MDM2NloifX0sImJkYXkiOiIyMDIxLTExLTA4VDE1OjQ4OjA1Ljg0Mzc5NFoifQ==
.audrte.com/ Name: arcki2
Value: cilEvucxbC8TKWVP5WiP8KMYQ!20210804!1636386490755
.pubmatic.com/ Name: SPugT
Value: 1636386489
global.ib-ibi.com/ Name: ASP.NET_SessionId
Value: mtzpg3aw3yqghamhw3wlk41e
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value: 1!7503-2!7503-3!7503
ib.mookie1.com/ Name: ASP.NET_SessionId
Value: pgf0hmilxn5cgy0nubm4sulb
.ib.mookie1.com/ Name: ibkukiuno
Value: s=74589e57-fa72-4b11-bf60-3d4b5b12c709&h=&v=0&l=-8585652203938540650&op=&hl=0&vlu=0&tcs=1&dcc=-8585652203938540650
.ib.mookie1.com/ Name: ibkukinet
Value: 628673941=-8585652203938540650

16 Console Messages

Source Level URL
Text
security error URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html(Line 511)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html(Line 512)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html(Line 513)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html(Line 514)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
deprecation warning URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW(Line 14)
Message:
RTP data channels are no longer supported. The "RtpDataChannels" constraint is currently ignored, and may cause an error at a later date.
other warning URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW(Line 14)
Message:
The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
javascript error URL: https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0830e63-3c13-4bc2-5bbe-276457c3e442&reqId=9f19c3ca-11c3-4fb2-628c-957e8f7d28fa&zdid=1361
Message:
Failed to load resource: the server responded with a status of 403 ()
javascript warning URL: https://z.moatads.com/sendgriddcm593119715704/moatad.js(Line 131)
Message:
The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
network error URL: https://sync.adaptv.advertising.com/gg_pixel?google_gid=CAESEHYtxS2FaXVclZJVrcpUGwI&google_cver=1&google_push=AYg5qPLuyx1DT4OCbLEpAxwCN25JrcR5lsXgQC_GoLqfKXXG9y9AOSFtefVHTRagj6gBNfkUQe35W0srhjtI0AcLUEH-4gKDpqjIN0hxaMeHAhZygb_K8sngXFJmpUXUfg5Wq0NJk5PqnZJ-9xUcKAZJAQ
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
deprecation warning
Message:
'window.webkitStorageInfo' is deprecated. Please use 'navigator.webkitTemporaryStorage' or 'navigator.webkitPersistentStorage' instead.
network error URL: https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ZHMOgpMYU4Sy97VUWlx8FiFMQ8P0lOmI-7p-N1WlPw&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F434%2F916%2F1%2F9.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://csync.loopme.me/?partner_id=1285&vt=578a5e2b-2bb6-4696-8c98-414f1969c228&gdpr=0
Message:
Failed to load resource: the server responded with a status of 504 ()
network error URL: https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
Message:
Failed to load resource: the server responded with a status of 504 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

spl.zeotap.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
stags.bluekai.com
stats.wp.com
sync-tm.everesttech.net
sync.1rx.io
sync.adaptv.advertising.com
sync.crwdcntrl.net
sync.e-planning.net
sync.extend.tv
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.quantumdex.io
sync.resetdigital.co
sync.richaudience.com
sync.search.spotxchange.com
sync.smartadserver.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.teads.tv
sync.technoratimedia.com
sync.tidaltv.com
t.co
tags.bluekai.com
tags.crwdcntrl.net
tags.rd.linksynergy.com
tg.socdm.com
token.rubiconproject.com
tpc.googlesyndication.com
tr.blismedia.com
trc.taboola.com
u-iad04.e-planning.net
u.openx.net
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
visitor.fiftyt.com
ws.sharethis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
z.moatads.com
api.rlcdn.com
fonts.googleapis.com
ice.360yield.com
pagead2.googlesyndication.com
104.18.100.194
104.244.42.133
104.36.115.109
104.36.115.111
104.36.115.114
107.178.246.49
107.178.254.65
108.168.159.145
124.146.215.51
13.249.109.18
13.249.109.81
13.249.118.43
134.209.129.254
139.162.84.221
142.250.64.66
142.250.65.162
142.251.40.226
15.197.193.217
150.136.222.2
151.101.193.108
151.101.2.49
151.101.65.44
156.154.200.36
157.245.94.128
162.248.18.11
162.55.6.212
168.119.146.39
172.67.23.236
172.98.26.121
172.98.26.125
172.98.26.126
173.231.178.115
178.62.202.251
18.205.214.32
18.211.217.109
18.214.253.211
18.233.246.214
184.29.128.213
184.29.129.187
184.29.129.7
184.50.205.90
184.51.146.145
185.167.164.39
185.184.8.65
192.0.76.3
192.0.77.2
192.132.33.46
192.35.249.127
195.5.165.20
198.148.27.139
198.24.170.52
199.127.204.142
199.187.193.166
199.187.193.181
199.38.167.128
2001:438:65:11::1690
2001:8d8:100f:f000::289
204.2.255.224
204.2.255.232
204.62.13.72
207.198.113.169
209.54.176.128
212.129.3.112
213.19.162.90
216.152.140.211
23.195.109.72
23.205.72.10
23.215.130.91
23.38.2.151
23.41.168.211
23.46.249.89
23.73.244.44
23.78.168.242
2600:1f18:1c96:4102:98df:7314:c81c:e465
2600:1f18:42df:3a00:f366:a1cd:7aa0:18c2
2600:1f18:444a:4602:b51a:2bef:14:5241
2600:1f18:4e9:5a01:90f9:19e1:7d5f:7568
2600:9000:211c:4e00:3:c04e:c780:93a1
2600:9000:211c:c600:c:abe:f440:93a1
2602:803:c002:200::43
2606:4700:10::6816:118d
2606:4700:10::6816:1957
2606:4700:10::6816:397e
2606:4700:10::6816:4acb
2606:4700:20::681a:b9c
2606:4700:20::ac43:4a81
2606:4700::6812:acf
2606:4700::6812:d05
2607:ae80:5::49
2607:f8b0:4006:80b::2006
2607:f8b0:4006:80c::2002
2607:f8b0:4006:80c::2008
2607:f8b0:4006:816::2001
2607:f8b0:4006:816::2002
2607:f8b0:4006:817::2004
2607:f8b0:4006:81c::2002
2607:f8b0:4006:823::200e
2607:f8b0:4006:824::2004
2620:100:a001::c
2620:112:f002:bbbb::21
2620:112:f002:bbbb::23
2620:116:800b:21:559e:e8a8:8a19:7f11
2a03:2880:f012:1:face:b00c:0:1
2a03:2880:f012:8:face:b00c:0:1
2a04:4e42:600::300
2a04:fa87:fffe::c000:4902
3.217.216.1
34.102.149.62
34.107.148.139
34.117.239.71
34.149.20.76
34.197.192.192
34.198.192.195
34.198.89.40
34.199.172.6
34.200.50.237
34.206.192.53
34.209.21.51
34.224.137.182
34.233.157.225
34.234.8.115
34.255.141.19
34.96.105.8
34.98.107.212
34.98.64.218
34.98.67.3
35.172.5.168
35.190.60.146
35.190.90.30
35.201.81.244
35.201.96.126
35.207.24.140
35.211.178.172
35.211.233.246
35.227.252.103
35.244.159.8
38.27.122.126
38.91.45.7
4.78.226.233
45.35.192.162
47.252.78.131
50.16.197.56
51.178.20.140
51.210.112.63
51.222.239.232
51.89.42.88
52.0.54.12
52.20.77.98
52.200.159.188
52.200.167.170
52.3.173.52
52.4.33.45
52.45.33.138
52.71.142.200
52.71.83.156
52.86.129.164
54.156.89.184
54.161.144.238
54.161.185.212
54.161.247.27
54.165.73.61
54.166.52.96
54.81.207.173
54.85.129.7
63.251.86.49
64.58.232.176
64.58.232.180
67.202.105.24
67.202.105.31
68.183.31.14
68.67.161.183
68.67.179.135
69.166.1.10
69.166.1.14
69.173.151.100
69.175.41.32
69.90.254.78
70.42.32.191
70.42.32.31
74.119.119.139
74.119.119.150
74.121.140.14
76.13.32.147
8.28.7.81
8.28.7.83
8.28.7.84
8.43.72.98
85.114.159.93
85.14.248.91
88.214.206.247
96.46.183.20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