threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/android-malware-flytrap-facebook/168463/
Submission: On February 18 via manual (February 18th 2022, 11:23:47 am UTC) from GB — Scanned from GB

Summary HTTP 458 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 104 IPs in 11 countries across 90 domains to perform 458 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com. The Cisco Umbrella rank of the primary domain is 158454.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 2nd 2021. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
35	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
11	108.157.4.43 108.157.4.43	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
7	2606:4700:303... 2606:4700:3031::6815:456d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2600:9000:231... 2600:9000:2315:3a00:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
11	2600:9000:220... 2600:9000:2204:8e00:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 8	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1	77.74.178.23 77.74.178.23	200107 (KL-EXT) (KL-EXT)
6	108.156.255.177 108.156.255.177	16509 (AMAZON-02) (AMAZON-02)
1 13	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
12	18.191.54.29 18.191.54.29	16509 (AMAZON-02) (AMAZON-02)
7	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	104.89.31.187 104.89.31.187	16625 (AKAMAI-AS) (AKAMAI-AS)
1	46.105.202.126 46.105.202.126	16276 (OVH) (OVH)
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
3	34.249.135.188 34.249.135.188	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::681a:9a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	141.95.3.10 141.95.3.10	16276 (OVH) (OVH)
7	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
4 6	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1 3	72.251.249.13 72.251.249.13	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
10	34.253.111.207 34.253.111.207	16509 (AMAZON-02) (AMAZON-02)
1 3	147.75.38.124 147.75.38.124	54825 (PACKET) (PACKET)
3 14	185.33.221.53 185.33.221.53	29990 (ASN-APPNEX) (ASN-APPNEX)
3	52.29.1.115 52.29.1.115	16509 (AMAZON-02) (AMAZON-02)
2 7	178.128.135.80 178.128.135.80	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	2602:803:c003... 2602:803:c003:200::61	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2606:4700::68... 2606:4700::6812:272	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	204.237.133.116 204.237.133.116	62713 (AS-PUBMATIC) (AS-PUBMATIC)
9	213.19.147.42 213.19.147.42	26120 (RHYTHMONE) (RHYTHMONE)
12	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
3	35.157.246.167 35.157.246.167	16509 (AMAZON-02) (AMAZON-02)
3	184.31.84.150 184.31.84.150	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.157.232.7 18.157.232.7	16509 (AMAZON-02) (AMAZON-02)
1	64.140.160.2 64.140.160.2	18450 (WEBNX) (WEBNX)
2	13.36.218.177 13.36.218.177	16509 (AMAZON-02) (AMAZON-02)
1 1	52.51.88.158 52.51.88.158	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80f::2006	15169 (GOOGLE) (GOOGLE)
1	2600:9000:231... 2600:9000:2315:be00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.192.29.118 18.192.29.118	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
2	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:fb:... 2a02:26f0:fb::5f65:58e0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
3 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.24 108.174.10.24	14413 (LINKEDIN) (LINKEDIN)
21	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2.21.141.175 2.21.141.175	16625 (AKAMAI-AS) (AKAMAI-AS)
3	151.101.193.108 151.101.193.108	54113 (FASTLY) (FASTLY)
6 30	2.21.141.232 2.21.141.232	16625 (AKAMAI-AS) (AKAMAI-AS)
5 5	35.158.233.132 35.158.233.132	16509 (AMAZON-02) (AMAZON-02)
5 10	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
8 18	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
3 4	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
5 12	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
5 5	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 8	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
4 5	37.157.6.245 37.157.6.245	198622 (ADFORM) (ADFORM)
3 6	52.46.154.242 52.46.154.242	16509 (AMAZON-02) (AMAZON-02)
3 5	2a05:d018:d29... 2a05:d018:d29:3601:48c:2850:f91f:4df0	16509 (AMAZON-02) (AMAZON-02)
3 3	18.196.175.109 18.196.175.109	16509 (AMAZON-02) (AMAZON-02)
1 2	169.50.137.184 169.50.137.184	36351 (SOFTLAYER) (SOFTLAYER)
1 3	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2	52.87.64.174 52.87.64.174	14618 (AMAZON-AES) (AMAZON-AES)
1 2	52.204.231.109 52.204.231.109	14618 (AMAZON-AES) (AMAZON-AES)
8	34.95.81.22 34.95.81.22	15169 (GOOGLE) (GOOGLE)
2 8	104.92.74.8 104.92.74.8	16625 (AKAMAI-AS) (AKAMAI-AS)
2 6	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	205.185.216.42 205.185.216.42	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2620:1ec:bdf::69 2620:1ec:bdf::69	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
5 7	18.193.253.133 18.193.253.133	16509 (AMAZON-02) (AMAZON-02)
2 2	18.192.161.141 18.192.161.141	16509 (AMAZON-02) (AMAZON-02)
2 4	52.30.16.91 52.30.16.91	16509 (AMAZON-02) (AMAZON-02)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1 1	52.72.71.171 52.72.71.171	14618 (AMAZON-AES) (AMAZON-AES)
1 1	185.183.112.148 185.183.112.148	60350 (VP) (VP)
1 1	34.102.163.6 34.102.163.6	15169 (GOOGLE) (GOOGLE)
1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4 4	70.42.32.255 70.42.32.255	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 16	54.77.66.11 54.77.66.11	16509 (AMAZON-02) (AMAZON-02)
2	67.202.105.24 67.202.105.24	32748 (STEADFAST) (STEADFAST)
1	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
2	185.86.138.120 185.86.138.120	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	216.52.2.19 216.52.2.19	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
6 7	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1	3.230.28.223 3.230.28.223	14618 (AMAZON-AES) (AMAZON-AES)
4 4	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
5	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
1 1	2a02:fa8:8806... 2a02:fa8:8806:13::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	34.111.151.213 34.111.151.213	15169 (GOOGLE) (GOOGLE)
2	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1	178.162.133.148 178.162.133.148	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	35.172.159.73 35.172.159.73	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:444... 2600:1f18:444a:4602:2c20:3113:5c28:1366	14618 (AMAZON-AES) (AMAZON-AES)
1 1	157.90.167.185 157.90.167.185	24940 (HETZNER-AS) (HETZNER-AS)
3 4	64.202.112.31 64.202.112.31	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
3 3	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1 1	52.200.181.105 52.200.181.105	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.226.209.67 54.226.209.67	14618 (AMAZON-AES) (AMAZON-AES)
1	150.136.156.92 150.136.156.92	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	169.197.150.8 169.197.150.8	398989 (DEEPINTENT) (DEEPINTENT)
1 1	104.90.192.27 104.90.192.27	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	52.214.183.42 52.214.183.42	16509 (AMAZON-02) (AMAZON-02)
1 1	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
1 1	202.241.208.56 202.241.208.56	4694 (IDCF IDC ...) (IDCF IDC Frontier Inc.)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 4	185.86.137.131 185.86.137.131	201081 (SMARTADSE...) (SMARTADSERVER)
1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
458	104

35 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 108.157.4.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-43.dus51.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3031::6815:456d (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2600:9000:2315:3a00:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:2204:8e00:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.74.178.23 (Switzerland)

ASN200107 (KL-EXT, RU)

media.kaspersky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 108.156.255.177 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-255-177.dus51.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 151.101.66.137 (United States) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 18.191.54.29 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-191-54-29.us-east-2.compute.amazonaws.com

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.31.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-31-187.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.202.126 (France)

ASN16276 (OVH, FR)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

lit.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.249.135.188 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-135-188.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kaspersky.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 141.95.3.10 (France)

ASN16276 (OVH, FR)
PTR: p31.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:116:800d:21:f916:5049:f87f:108e (United States) 4 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 72.251.249.13 (Amsterdam, Netherlands) 1 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.253.111.207 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-111-207.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 147.75.38.124 (Amsterdam, Netherlands) 1 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 185.33.221.53 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.29.1.115 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-1-115.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 178.128.135.80 (North Bergen, United States) 2 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2602:803:c003:200::61 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:272 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 204.237.133.116 (United States)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 213.19.147.42 (United Kingdom)

ASN26120 (RHYTHMONE, US)

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gift-connect-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.31.84.150 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-84-150.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.157.232.7 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-232-7.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.140.160.2 (Ogden, United States)

ASN18450 (WEBNX, US)
PTR: threatintelligenceplatform.com

geo.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

kaspersky.d3.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.51.88.158 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-88-158.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:be00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.192.29.118 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-29-118.eu-central-1.compute.amazonaws.com

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:fb::5f65:58e0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.134 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

9582686.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.24 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-24.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.21.141.175 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-141-175.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.193.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2.21.141.232 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-141-232.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.158.233.132 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-233-132.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 3.126.56.137 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.185.162 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.66.49 (United States) 3 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 15.197.193.217 (United States) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.29.132.245 (United Kingdom) 5 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.98.64.218 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.6.245 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.46.154.242 (Ashburn, United States) 3 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a05:d018:d29:3601:48c:2850:f91f:4df0 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.196.175.109 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-175-109.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.50.137.184 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.36 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.129 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.87.64.174 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-87-64-174.compute-1.amazonaws.com

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.204.231.109 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-231-109.compute-1.amazonaws.com

um2.eqads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.95.81.22 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 22.81.95.34.bc.googleusercontent.com

c.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.92.74.8 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-74-8.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.42 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

serverbid-sync.nyc3.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::69 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.193.253.133 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-253-133.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.192.161.141 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-161-141.eu-central-1.compute.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.30.16.91 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-16-91.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.72.71.171 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-71-171.compute-1.amazonaws.com

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.183.112.148 (Paris, France) 1 redirects

ASN60350 (VP, FR)

sync.adotmob.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.163.6 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 6.163.102.34.bc.googleusercontent.com

ad.mrtnsvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 70.42.32.255 (United States) 4 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 54.77.66.11 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.202.105.24 (United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net

pixel.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.138.120 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.19 (United States) 1 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 213.19.147.44 (United Kingdom) 6 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.230.28.223 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-230-28-223.compute-1.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.139 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1400 (Singapore) 1 redirects

ASN41041 (VCLK-EU-SE, US)

casale-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.150 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.151.213 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 213.151.111.34.bc.googleusercontent.com

dmp.brand-display.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.148 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1.go.sonobi.com

go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.172.159.73 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-172-159-73.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:444a:4602:2c20:3113:5c28:1366 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.90.167.185 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.185.167.90.157.clients.your-server.de

bidswitch-eu.splicky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 64.202.112.31 (United States) 3 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.184.8.65 (Amsterdam, Netherlands) 3 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.200.181.105 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-181-105.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.226.209.67 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-226-209-67.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 150.136.156.92 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.8 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.90.192.27 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-90-192-27.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.214.183.42 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-183-42.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.140 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 202.241.208.56 (Japan) 1 redirects

ASN4694 (IDCF IDC Frontier Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.86.137.131 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	threatpost.com threatpost.com — Cisco Umbrella Rank: 158454 assets.threatpost.com — Cisco Umbrella Rank: 426456 media.threatpost.com — Cisco Umbrella Rank: 301508	828 KB
38	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 92 fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 120	241 KB
35	doubleclick.net 9 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 stats.g.doubleclick.net — Cisco Umbrella Rank: 67 9582686.fls.doubleclick.net — Cisco Umbrella Rank: 401620 googleads.g.doubleclick.net — Cisco Umbrella Rank: 37 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276 cm.g.doubleclick.net — Cisco Umbrella Rank: 175	239 KB
27	casalemedia.com 6 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 427 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 488 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 463 dsum.casalemedia.com — Cisco Umbrella Rank: 1042	32 KB
26	connatix.com 1 redirects cd.connatix.com — Cisco Umbrella Rank: 3152 cds.connatix.com — Cisco Umbrella Rank: 3185 capi.connatix.com — Cisco Umbrella Rank: 2720 lit.connatix.com — Cisco Umbrella Rank: 6948 vid.connatix.com — Cisco Umbrella Rank: 3732 img.connatix.com — Cisco Umbrella Rank: 3844	2 MB
22	rubiconproject.com 6 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 436 eus.rubiconproject.com — Cisco Umbrella Rank: 512 token.rubiconproject.com — Cisco Umbrella Rank: 593 pixel.rubiconproject.com — Cisco Umbrella Rank: 288 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 917 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 935	40 KB
21	openx.net 1 redirects teachingaids-d.openx.net — Cisco Umbrella Rank: 20871 u.openx.net — Cisco Umbrella Rank: 636 eu-u.openx.net — Cisco Umbrella Rank: 1733 us-u.openx.net — Cisco Umbrella Rank: 322 rtb.openx.net — Cisco Umbrella Rank: 1330 gift-connect-d.openx.net — Cisco Umbrella Rank: 12359	4 KB
20	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 210 acdn.adnxs.com — Cisco Umbrella Rank: 547 secure.adnxs.com — Cisco Umbrella Rank: 350	71 KB
19	yahoo.com 8 redirects c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 654 ups.analytics.yahoo.com — Cisco Umbrella Rank: 269 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 419 ads.yahoo.com — Cisco Umbrella Rank: 835	8 KB
16	gumgum.com 1 redirects g2.gumgum.com — Cisco Umbrella Rank: 1367 rtb.gumgum.com — Cisco Umbrella Rank: 978	5 KB
14	1rx.io 5 redirects tag.1rx.io — Cisco Umbrella Rank: 1196 sync.1rx.io — Cisco Umbrella Rank: 480	4 KB
12	adsrvr.org 5 redirects match.adsrvr.org — Cisco Umbrella Rank: 295	4 KB
12	amazon-adsystem.com 3 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 263 s.amazon-adsystem.com — Cisco Umbrella Rank: 266	45 KB
11	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 1489 public.servenobid.com — Cisco Umbrella Rank: 2761	8 KB
11	4dex.io script.4dex.io — Cisco Umbrella Rank: 1902 mp.4dex.io — Cisco Umbrella Rank: 2329 c.4dex.io — Cisco Umbrella Rank: 5612	25 KB
11	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 1168	285 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 346	221 KB
10	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 59	3 KB
9	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 420 ads.pubmatic.com — Cisco Umbrella Rank: 429	29 KB
9	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 407 fonts.googleapis.com — Cisco Umbrella Rank: 35	699 KB
8	gstatic.com www.gstatic.com fonts.gstatic.com	215 KB
7	bidswitch.net 5 redirects x.bidswitch.net — Cisco Umbrella Rank: 265	3 KB
7	3lift.com 2 redirects tlx.3lift.com — Cisco Umbrella Rank: 532 eb2.3lift.com — Cisco Umbrella Rank: 356	4 KB
7	serverbid.com 2 redirects e.serverbid.com — Cisco Umbrella Rank: 2568 sync.serverbid.com — Cisco Umbrella Rank: 5626	1 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	40 KB
7	admetricspro.com qd.admetricspro.com — Cisco Umbrella Rank: 19685	323 KB
6	smartadserver.com 1 redirects ssbsync.smartadserver.com — Cisco Umbrella Rank: 1193 rtb-csync.smartadserver.com — Cisco Umbrella Rank: 535	3 KB
6	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 618	6 KB
6	advertising.com 5 redirects ads.adaptv.advertising.com — Cisco Umbrella Rank: 1058 pixel.advertising.com — Cisco Umbrella Rank: 307	2 KB
6	quantserve.com 4 redirects secure.quantserve.com — Cisco Umbrella Rank: 829 pixel.quantserve.com — Cisco Umbrella Rank: 374	12 KB
5	adform.net 4 redirects c1.adform.net — Cisco Umbrella Rank: 529	2 KB
5	mathtag.com 5 redirects sync.mathtag.com — Cisco Umbrella Rank: 387	3 KB
5	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 439 www.linkedin.com — Cisco Umbrella Rank: 602 px4.ads.linkedin.com — Cisco Umbrella Rank: 5087	4 KB
5	everesttech.net 4 redirects cm.everesttech.net — Cisco Umbrella Rank: 881 sync-tm.everesttech.net — Cisco Umbrella Rank: 491	1 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50	383 KB
4	outbrain.com 3 redirects sync.outbrain.com — Cisco Umbrella Rank: 717	1 KB
4	zemanta.com 4 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 523	2 KB
4	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 444	2 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 355 mug.criteo.com — Cisco Umbrella Rank: 3197	1 KB
4	google.de www.google.de — Cisco Umbrella Rank: 6342 adservice.google.de — Cisco Umbrella Rank: 9027	2 KB
4	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 598 ce.lijit.com — Cisco Umbrella Rank: 696	2 KB
4	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1505 id5-sync.com — Cisco Umbrella Rank: 493	13 KB
3	creativecdn.com 3 redirects creativecdn.com — Cisco Umbrella Rank: 585	966 B
3	liadm.com 2 redirects i.liadm.com — Cisco Umbrella Rank: 458 i6.liadm.com — Cisco Umbrella Rank: 1371	1 KB
3	w55c.net 3 redirects pm.w55c.net — Cisco Umbrella Rank: 704	2 KB
3	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1093	337 B
3	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 1014	805 B
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 187 kaspersky.demdex.net — Cisco Umbrella Rank: 279798	5 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 146	103 KB
2	360yield.com 2 redirects ad.360yield.com — Cisco Umbrella Rank: 621	616 B
2	emxdgt.com cs.emxdgt.com — Cisco Umbrella Rank: 801
2	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 821	868 B
2	33across.com pixel.33across.com — Cisco Umbrella Rank: 2047 ssc-cms.33across.com — Cisco Umbrella Rank: 760
2	creative-serving.com 2 redirects ads.creative-serving.com — Cisco Umbrella Rank: 3024	1 KB
2	eqads.com 1 redirects um2.eqads.com — Cisco Umbrella Rank: 2780	564 B
2	adentifi.com rtb.adentifi.com — Cisco Umbrella Rank: 931	176 B
2	rfihub.com 2 redirects p.rfihub.com — Cisco Umbrella Rank: 615	2 KB
2	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 691	842 B
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 830	3 KB
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	148 KB
2	omtrdc.net kaspersky.d3.sc.omtrdc.net — Cisco Umbrella Rank: 260626	558 B
2	kasperskycontenthub.com kasperskycontenthub.com — Cisco Umbrella Rank: 325008	1 KB
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1393	487 B
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1249	698 B
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 516	383 B
1	bluekai.com 1 redirects stags.bluekai.com — Cisco Umbrella Rank: 447	1 KB
1	deepintent.com match.deepintent.com — Cisco Umbrella Rank: 807	44 B
1	technoratimedia.com sync.technoratimedia.com — Cisco Umbrella Rank: 1041	293 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 882	428 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 768	578 B
1	splicky.com 1 redirects bidswitch-eu.splicky.com — Cisco Umbrella Rank: 21446	221 B
1	brand-display.com 1 redirects dmp.brand-display.com — Cisco Umbrella Rank: 1545	318 B
1	sitescout.com 1 redirects pixel-sync.sitescout.com — Cisco Umbrella Rank: 542	299 B
1	dotomi.com 1 redirects casale-match.dotomi.com — Cisco Umbrella Rank: 2279	187 B
1	sonobi.com sync.go.sonobi.com Failed go.sonobi.com — Cisco Umbrella Rank: 661	573 B
1	postrelease.com jadserve.postrelease.com — Cisco Umbrella Rank: 900	427 B
1	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 865	814 B
1	bing.com c.bing.com — Cisco Umbrella Rank: 212	594 B
1	mrtnsvr.com 1 redirects ad.mrtnsvr.com — Cisco Umbrella Rank: 1554	248 B
1	adotmob.com 1 redirects sync.adotmob.com — Cisco Umbrella Rank: 1254	307 B
1	cognitivlabs.com 1 redirects beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 1174	380 B
1	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 653	425 B
1	digitaloceanspaces.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 6325	5 KB
1	t.co t.co — Cisco Umbrella Rank: 456	336 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 468	458 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 770	352 B
1	ipify.org geo.ipify.org — Cisco Umbrella Rank: 43659	585 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 539	6 KB
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1595	17 KB
1	kaspersky.com media.kaspersky.com — Cisco Umbrella Rank: 123848	48 KB
458	90

	Domain	Requested by
33	threatpost.com	threatpost.com
21	tpc.googlesyndication.com	tagan.adlightning.com threatpost.com fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com cdn.ampproject.org
18	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net u.openx.net ssum-sec.casalemedia.com eb2.3lift.com g2.gumgum.com
15	rtb.gumgum.com	1 redirects g2.gumgum.com
15	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com um2.eqads.com
14	pagead2.googlesyndication.com	srcdoc securepubads.g.doubleclick.net tpc.googlesyndication.com fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com tagan.adlightning.com
14	ib.adnxs.com	3 redirects qd.admetricspro.com cds.connatix.com acdn.adnxs.com ssum-sec.casalemedia.com
13	assets.threatpost.com	threatpost.com assets.threatpost.com
12	match.adsrvr.org	5 redirects u.openx.net ssum-sec.casalemedia.com eb2.3lift.com
12	capi.connatix.com	cd.connatix.com
11	media.threatpost.com	threatpost.com
11	tagan.adlightning.com	threatpost.com tagan.adlightning.com fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
10	ups.analytics.yahoo.com	5 redirects ssum-sec.casalemedia.com
10	cdn.ampproject.org	threatpost.com
10	ads.servenobid.com	qd.admetricspro.com public.servenobid.com ssum-sec.casalemedia.com g2.gumgum.com ssbsync.smartadserver.com
9	tag.1rx.io	qd.admetricspro.com cds.connatix.com
8	c.4dex.io	threatpost.com
8	www.google.com	2 redirects threatpost.com tagan.adlightning.com fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
7	x.bidswitch.net	5 redirects eb2.3lift.com ssum-sec.casalemedia.com
7	ssum-sec.casalemedia.com	3 redirects js-sec.indexww.com public.servenobid.com
7	eu-u.openx.net	u.openx.net qd.admetricspro.com eu-u.openx.net
7	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com threatpost.com
7	vid.connatix.com	cd.connatix.com
7	securepubads.g.doubleclick.net	tagan.adlightning.com www.googletagservices.com securepubads.g.doubleclick.net threatpost.com
7	qd.admetricspro.com	threatpost.com qd.admetricspro.com
6	eb2.3lift.com	2 redirects qd.admetricspro.com eb2.3lift.com
6	eus.rubiconproject.com	qd.admetricspro.com eus.rubiconproject.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com g2.gumgum.com
6	s.amazon-adsystem.com	3 redirects ssum-sec.casalemedia.com eb2.3lift.com
6	us-u.openx.net	1 redirects u.openx.net eu-u.openx.net
6	js-sec.indexww.com	cds.connatix.com ssum-sec.casalemedia.com qd.admetricspro.com
6	e.serverbid.com	1 redirects qd.admetricspro.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
6	c.amazon-adsystem.com	qd.admetricspro.com c.amazon-adsystem.com
5	pixel.rubiconproject.com	g2.gumgum.com
5	sync.1rx.io	5 redirects
5	pr-bh.ybp.yahoo.com	3 redirects ssum-sec.casalemedia.com eu-u.openx.net
5	c1.adform.net	4 redirects ssum-sec.casalemedia.com
5	sync.mathtag.com	5 redirects
5	pixel.advertising.com	5 redirects
5	ads.pubmatic.com	cds.connatix.com qd.admetricspro.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com g2.gumgum.com
5	fonts.googleapis.com	threatpost.com fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
5	pixel.quantserve.com	4 redirects threatpost.com
5	www.googletagmanager.com	threatpost.com www.googletagmanager.com
4	rtb-csync.smartadserver.com	1 redirects ssbsync.smartadserver.com
4	sync.outbrain.com	3 redirects g2.gumgum.com
4	token.rubiconproject.com	4 redirects
4	b1sync.zemanta.com	4 redirects
4	match.prod.bidr.io	2 redirects eu-u.openx.net ssum-sec.casalemedia.com
4	sync-tm.everesttech.net	3 redirects ssum-sec.casalemedia.com
4	googleads.g.doubleclick.net	threatpost.com fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
4	fonts.gstatic.com	fonts.googleapis.com
4	teachingaids-d.openx.net	qd.admetricspro.com cds.connatix.com
4	hbopenbid.pubmatic.com	qd.admetricspro.com cds.connatix.com
4	fastlane.rubiconproject.com	qd.admetricspro.com
4	imasdk.googleapis.com	cd.connatix.com imasdk.googleapis.com
4	www.gstatic.com	www.google.com fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
3	creativecdn.com	3 redirects
3	secure.adnxs.com	1 redirects ssum-sec.casalemedia.com
3	pm.w55c.net	3 redirects
3	acdn.adnxs.com	cds.connatix.com qd.admetricspro.com
3	px.ads.linkedin.com	2 redirects eb2.3lift.com
3	fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com	securepubads.g.doubleclick.net tagan.adlightning.com
3	htlb.casalemedia.com	qd.admetricspro.com cds.connatix.com
3	c2shb.ssp.yahoo.com	qd.admetricspro.com
3	btlr.sharethrough.com	qd.admetricspro.com
3	prebid.a-mo.net	1 redirects qd.admetricspro.com cds.connatix.com
3	ap.lijit.com	1 redirects qd.admetricspro.com
3	id5-sync.com	qd.admetricspro.com cdn.id5-sync.com ssbsync.smartadserver.com
3	cds.connatix.com	threatpost.com cd.connatix.com
3	www.googletagservices.com	threatpost.com fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
2	ad.360yield.com	2 redirects
2	i.liadm.com	2 redirects
2	secure-assets.rubiconproject.com	2 redirects
2	cs.emxdgt.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com g2.gumgum.com
2	dsum.casalemedia.com	ssum-sec.casalemedia.com
2	sync.targeting.unrulymedia.com	1 redirects g2.gumgum.com
2	ssbsync.smartadserver.com	public.servenobid.com g2.gumgum.com
2	ads.creative-serving.com	2 redirects
2	um2.eqads.com	1 redirects ssum-sec.casalemedia.com
2	rtb.adentifi.com	ssum-sec.casalemedia.com
2	p.rfihub.com	2 redirects
2	um.simpli.fi	1 redirects ssum-sec.casalemedia.com
2	u.openx.net	cds.connatix.com
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	googleads4.g.doubleclick.net	fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
2	adservice.google.com	tagan.adlightning.com 9582686.fls.doubleclick.net
2	adservice.google.de	tagan.adlightning.com adservice.google.com
2	9582686.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	www.google.de	threatpost.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	s0.2mdn.net	imasdk.googleapis.com fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
2	kaspersky.d3.sc.omtrdc.net	media.kaspersky.com
2	script.4dex.io	qd.admetricspro.com script.4dex.io
2	dpm.demdex.net	media.kaspersky.com threatpost.com
2	img.connatix.com	threatpost.com
2	kasperskycontenthub.com	threatpost.com
1	pixel-us-east.rubiconproject.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	dsp.adfarm1.adition.com	1 redirects
1	tg.socdm.com	1 redirects
1	ssc-cms.33across.com	g2.gumgum.com
1	bh.contextweb.com	1 redirects
1	stags.bluekai.com	1 redirects
1	match.deepintent.com	g2.gumgum.com
1	sync.technoratimedia.com	g2.gumgum.com
1	sync.ipredictive.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	bidswitch-eu.splicky.com	1 redirects
1	i6.liadm.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	gift-connect-d.openx.net	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	go.sonobi.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	dmp.brand-display.com	1 redirects
1	pixel-sync.sitescout.com	1 redirects
1	casale-match.dotomi.com	1 redirects
1	ads.yahoo.com
1	jadserve.postrelease.com	public.servenobid.com
1	ce.lijit.com	1 redirects
1	onetag-sys.com	public.servenobid.com
1	pixel.33across.com	public.servenobid.com
1	g2.gumgum.com	public.servenobid.com
1	c.bing.com	eb2.3lift.com
1	ad.mrtnsvr.com	1 redirects
1	sync.adotmob.com	1 redirects
1	beacon.lynx.cognitivlabs.com	1 redirects
1	ad.turn.com	1 redirects
1	rtb.openx.net	eu-u.openx.net
1	public.servenobid.com	qd.admetricspro.com
1	serverbid-sync.nyc3.cdn.digitaloceanspaces.com	qd.admetricspro.com
1	sync.serverbid.com	1 redirects
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	t.co	threatpost.com
1	analytics.twitter.com	tagan.adlightning.com
1	ads.adaptv.advertising.com	cds.connatix.com
1	rules.quantcount.com	secure.quantserve.com
1	cm.everesttech.net	1 redirects
1	kaspersky.demdex.net	tagan.adlightning.com
1	geo.ipify.org	qd.admetricspro.com
1	tlx.3lift.com	qd.admetricspro.com
1	mp.4dex.io	qd.admetricspro.com
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	lit.connatix.com	cd.connatix.com
1	cdn.id5-sync.com	tagan.adlightning.com
1	secure.cdn.fastclick.net	tagan.adlightning.com
1	cd.connatix.com	1 redirects
1	media.kaspersky.com	threatpost.com
0	sync.go.sonobi.com Failed	public.servenobid.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
458	148

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
blog.zimperium.com
media.threatpost.com
owasp.org

Subject Issuer	Validity	Valid
threatpost.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-07-03`	a year	crt.sh
*.adlightning.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-11` - `2022-08-10`	a year	crt.sh
assets.threatpost.com Amazon	`2022-01-05` - `2023-02-03`	a year	crt.sh
media.threatpost.com Amazon	`2022-01-05` - `2023-02-03`	a year	crt.sh
kasperskycontenthub.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-07-03`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
media.kaspersky.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-23` - `2022-04-28`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2021-08-20` - `2022-09-21`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
secure.cdn.fastclick.net DigiCert SHA2 Secure Server CA	`2022-01-15` - `2023-01-17`	a year	crt.sh
cdn.id5-sync.com R3	`2022-02-02` - `2022-05-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.id5-sync.com R3	`2021-12-20` - `2022-03-20`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
ads.servenobid.com Amazon	`2021-06-28` - `2022-07-27`	a year	crt.sh
*.a-mo.net R3	`2021-12-28` - `2022-03-28`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
e.serverbid.com R3	`2022-01-17` - `2022-04-17`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2021-06-01` - `2022-07-02`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-14` - `2022-04-06`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.3lift.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2022-02-07` - `2023-03-10`	a year	crt.sh
*.d3.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2020-02-28` - `2022-03-04`	2 years	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-31` - `2022-10-30`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-12-13` - `2022-12-12`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-18` - `2022-07-13`	6 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-11` - `2022-07-06`	6 months	crt.sh
adentifi.com Amazon	`2021-09-04` - `2022-10-03`	a year	crt.sh
um3.eqads.com Amazon	`2021-06-26` - `2022-07-25`	a year	crt.sh
c.4dex.io GTS CA 1D4	`2021-12-24` - `2022-03-24`	3 months	crt.sh
*.nyc3.cdn.digitaloceanspaces.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-30`	a year	crt.sh
public.servenobid.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-22` - `2022-05-22`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-02-03` - `2023-03-07`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2021-12-06` - `2022-06-06`	6 months	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-12-22` - `2022-06-22`	6 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.postrelease.com Amazon	`2021-12-28` - `2023-01-25`	a year	crt.sh
*.match.prod.bidr.io Amazon	`2022-01-27` - `2023-02-25`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2021-05-18` - `2022-06-19`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2021-12-08` - `2023-01-09`	a year	crt.sh
*.technoratimedia.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-17` - `2022-10-05`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh

This page contains 65 frames:

Primary Page: https://threatpost.com/android-malware-flytrap-facebook/168463/
Frame ID: 3DD5F647D42BB2880E89309C9C0C9EEB
Requests: 160 HTTP requests in this frame

Frame: https://cds.connatix.com/p/151003/connatix.player.dc.js
Frame ID: 276217AE02A8255C898C93B63754E3DC
Requests: 23 HTTP requests in this frame

Frame: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Frame ID: 68C5E8B98B09667CDFB70EB66BB21EC1
Requests: 25 HTTP requests in this frame

Frame: https://kaspersky.demdex.net/dest5.html?d_nsid=0
Frame ID: 9EB92800512D503388ADBA3CE3BC73D4
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.501.0_en.html
Frame ID: 9246CEF8A575DE6B11DED46D4C13C526
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.501.0_en.html
Frame ID: D023C514249BC6E1B56DBFC49F7CCC2A
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.501.0_en.html
Frame ID: 1391AB12FD0C1F9EBD8D1536DAE4C55F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: E92ADD0BBECE6C8D5BE95DFCD5B3C1D2
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 27B9506FAE526D647D39C9A456FD3308
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 01CDAEADEA413AB859ABC846A2A1F9F0
Requests: 1 HTTP requests in this frame

Frame: https://9582686.fls.doubleclick.net/activityi;dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-facebook%2F168463%2F;u6=;u7=03632348524271944892590416654143285768-810955728.1645183412;u9=_android-malware-flytrap-facebook_168463_;~oref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F
Frame ID: B85FC49B32B40246FFA73172EE6432FC
Requests: 1 HTTP requests in this frame

Frame: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8D00F6CD86326CDB5B82FF89C55A710A
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-facebook%2F168463%2F;u6=;u7=03632348524271944892590416654143285768-810955728.1645183412;u9=_android-malware-flytrap-facebook_168463_;~oref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F
Frame ID: 2E7CCA0D017B22163100F7F2FFB49D56
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5B8CA0848C2176D17E161E3F66CB5F55
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3E6422ED326503B5121A924763BA9835
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-facebook%2F168463%2F;u6=;u7=03632348524271944892590416654143285768-810955728.1645183412;u9=_android-malware-flytrap-facebook_168463_;~oref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F
Frame ID: CF922DD033D7D56C4BE0AF64F4358032
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-8f58e1d-bb67780e.js
Frame ID: 51D04C435AF5A223A2A52EAB43132BEC
Requests: 19 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-8f58e1d-bb67780e.js
Frame ID: BD0B393C51243F79EAE4C98B22B2F4E0
Requests: 20 HTTP requests in this frame

Frame: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 512E09877A48C9118707FD660516809B
Requests: 15 HTTP requests in this frame

Frame: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4F3B6DA1BC85BCE399C6A6270BF4E2DE
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJb4yM4CEJ-0q4IDGK2HtLsBMAE&v=APEucNXwOvwvsNVjQjqG_cOPw8Xw2rUjvacPFo5eBzE6DsDFzU54xa7JqQ8pxfYcHqczO7bTcHzOLHDc4sRUTl6G6ZPXj4pbBC8dVFwVG41mLLTHTqvRS2c
Frame ID: C8F6FE617B8276CA6B5312627F19936A
Requests: 4 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 6E3F6D0F1112703621EAD8A77F08BA64
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: C61513E0D571306CC799B0F50540AC6D
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: 0A8095AA89626656E9AF0819570E07B4
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: B9F257F1ECCD8F2756B9F758EB2DF42C
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: ED44DE0707CBBE6AC4CA074A7C02E4AD
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 61B0D261D0566929627FD2B207BD4EA2
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E40CD85745CF0D3361AEB07E65ECA4D1
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 79E559882F12742B99CD4B598702E9C6
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: B38462DD064F0C263744EFCCEE2C5B93
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 8A62902592788B152463307EA36EE679
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3133CF6FC6543BF97911C672423464AF
Requests: 3 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 30312E7BC0186AD06B93BDE88D4E95D9
Requests: 10 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 2FF9BDB26DA6547FC5C8E60A2278997A
Requests: 9 HTTP requests in this frame

Frame: https://um2.eqads.com/um/cs&eq_cc=1
Frame ID: 56D3C53ED27D5374BECF0EA6BE6605A5
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: C72C652F8E53136BCAAB96AB197FE3DB
Requests: 10 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: B4C052C0AE0F38E5A4769F97E3652FB2
Requests: 11 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 3CC111578340ACB2603C2B001AB14F5E
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 58FB4CC1CA39EC1AE6D6257B6A9068B0
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: 19D889FB425EFF150C156C08AEA92C4D
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Frame ID: 259FE9B2C65827D943735C073F7692F9
Requests: 7 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: 1C11D62E01F4D19FD11C041488193C49
Requests: 8 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: C9BB3B1C53FEEDFBB9CB4ECC3CA7B062
Requests: 9 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: DE6298C272BE5FFA0389B756775B4F52
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: D5038BB74E33DC34F04D5989C1D5407B
Requests: 10 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 45D6C4EA534CE89E042B9D7439CCCF37
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: C7C2D9D80FC57324BDA451BE7BCF6988
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: E2F8FAB844EDAAFACCA8E6AC1A5A5A14
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: BAEB5709A6FA64E1426410B5BF8A74D7
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: 8D5E7E9B194C170458BCCD8B45D955FA
Requests: 10 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Frame ID: 2F55429BAACE3185FD1332979B2BB641
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Frame ID: 2A063A3653C7CD61E252B97424921C00
Requests: 3 HTTP requests in this frame

Frame: https://go.sonobi.com/uc.html?pubid=e55fb5d7c2
Frame ID: CE82495F66F847FA562A38B45D5322E6
Requests: 1 HTTP requests in this frame

Frame: https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Frame ID: 91E9D6990C03B208C139C5FF6181BFF7
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Frame ID: 89C673867DA4F64FEACB933EF060FD5C
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=4913620f-81b6-4700-989d-2aa87d99eb45&gdpr=0&gdpr_consent=
Frame ID: 86ABD0595F5FA0E046C1D8438E34BF9D
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=Yg_BsgAAAIGs2QQz&gdpr=0&gdpr_consent=
Frame ID: 77BA4E4248B3B59883BA3BCD9843B154
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yOGRhMjM2OC01ZDBmLTRiYjYtYTNlNi1lMDY0MjRlMWVmYmQ=&gdpr=0&gdpr_consent=
Frame ID: D5F12B403948B061DBE44F867829F8EE
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 0217DD25FC2631EF4CAB8287CC359050
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: F567F1956B2188064BEDF725B778D2B0
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=5237a546-8536-4403-b4ff-984b6912ae90&t=1647775417
Frame ID: 70950F6A8CA336F56303903DE1D17E14
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: F1D855823152A3F0FCD1168C3F2B63FB
Requests: 3 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: 4586598AAD6911FEDA3BDF02D5035B85
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=Yg.BucCo5ssAADv9ebUAAAAA
Frame ID: 36B98DF68111A61F205DC63D504FAFF4
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=d0ni14mX7zVrowXRBqJJ&pi=gumgum&tc=1
Frame ID: 6414BABD4F3D29A55CF81B70563F8585
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Android Malware ‘FlyTrap’ Hijacks Facebook Accounts | Threatpost

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

458
Requests

83 %
HTTPS

28 %
IPv6

90
Domains

148
Subdomains

104
IPs

11
Countries

6331 kB
Transfer

14086 kB
Size

122
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/
Title: report

Search URL Search Domain Scan URL

URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/08/09113314/come-ons.jpeg

Search URL Search Domain Scan URL

URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/08/09113318/facebook-hacking-app.jpeg

Search URL Search Domain Scan URL

URL: https://owasp.org/www-community/attacks/xss/
Title: JavaScript injection

Search URL Search Domain Scan URL

URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/08/09114111/flytrap-map-e1628523685705.jpg

Search URL Search Domain Scan URL

URL: http://twitter.com/Trellix
Title: @Trellix

Search URL Search Domain Scan URL

URL: http://twitter.com/t
Title: @t

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost
Title: Follow @threatpost

Search URL Search Domain Scan URL

URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/12/09015533/ThreatpostMK_TEMPLATE.pdf
Title: Advertise With Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44

https://cd.connatix.com/connatix.player.js HTTP 302
https://cds.connatix.com/p/151003/connatix.player.dc.js

Request Chain 130

https://cm.everesttech.net/cm/dd?d_uuid=08153247148641684833290415637164377170 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yg_BsgAAAIGs2QQz

Request Chain 176

https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-facebook%2F168463%2F;u6=;u7=03632348524271944892590416654143285768-810955728.1645183412;u9=_android-malware-flytrap-facebook_168463_;~oref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F HTTP 302
https://9582686.fls.doubleclick.net/activityi;dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-facebook%2F168463%2F;u6=;u7=03632348524271944892590416654143285768-810955728.1645183412;u9=_android-malware-flytrap-facebook_168463_;~oref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F

Request Chain 185

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1645183413266&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1645183413266%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fandroid-malware-flytrap-facebook%252F168463%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1645183413266&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1645183413266&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&liSync=true&e_ipv6=AQLR1pVPmBfEgQAAAX8Mkqgr-8TKTp0ComnIXUb8ZZDyKTbQJTCN7ffSRF83s_W1cg

Request Chain 245

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 261

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=eMLT5nxPOW1LM3hoTHBOeUkyOWRXQjNyL3k3Qm1OYVhwd05nT3h3MUxvUHRQcUk5Y1BVMTlPeXhuSzNxbFZuU0NtWDlMb3JaRnFycUg1RDFrQ0N2dEJRUFE3SFQwcjZyaW9vM1VZNVBzdWhwdngzaTF3WDRtc1ZsbHExNHV3d1BNZjFMTFJGQWt3Z2YrNk9RV1VqMnp3a0d0dkxPUWhLdHpyWnRLNGFTanczNEtMUEg3QWdEdm4xU3BpNFA4aDQzRlkrU1pHVVJyU0YweXpPbW54L3BKQjN4VktJbERoWDQwTkcxYVA0VHhZRFppOW1rPXw&cppv=2

Request Chain 270

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true HTTP 302
https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVAzNTk4MDViNy05MGFkLTExZWMtYWU1Ny0wNjU0YWRiZDkzYWU%3D HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEHXuVm9xQaDGBXIlkhvTC5s&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEHXuVm9xQaDGBXIlkhvTC5s&google_cver=1&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae

Request Chain 271

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent= HTTP 302
https://pixel.advertising.com/ups/55986/sync?uid=Yg_BsgAAAIGs2QQz&_origin=0&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/55986/sync?uid=Yg_BsgAAAIGs2QQz&_origin=0&gdpr=0&gdpr_consent=&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae HTTP 302
https://ups.analytics.yahoo.com/ups/55986/sync?uid=Yg_BsgAAAIGs2QQz&_origin=0&gdpr=0&gdpr_consent=&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae&verify=true

Request Chain 272

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=5237a546-8536-4403-b4ff-984b6912ae90&_origin=1&gdpr=1&gdpr_consent=

Request Chain 276

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDYmpHoJatiZ7wWXOyZrN8g&google_cver=1&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDYmpHoJatiZ7wWXOyZrN8g&google_cver=1&gdpr=0&C=1

Request Chain 277

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yg.BtthjTwNlHGMUg.e2YwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDYmpHoJatiZ7wWXOyZrN8g&google_cver=1&gdpr=0&google_hm=2

Request Chain 281

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=4913620f-81b6-4700-989d-2aa87d99eb45

Request Chain 282

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=EsPz9hzAoaIJkvf2HJDu9RbJ9KkJwaH1F8SCYmSc

Request Chain 283

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3214093212461078255

Request Chain 286

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMKcsuLEneHaCpq0g0cEGs&google_cver=1

Request Chain 287

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=d89e620f-81b6-4800-98f1-89cc01062d5d

Request Chain 288

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=EsPz9hzAoaIJkvf2HJDu9RbJ9KkJwaH1F8SCYmSc

Request Chain 289

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2071559945432283229

Request Chain 292

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMKcsuLEneHaCpq0g0cEGs&google_cver=1

Request Chain 295

https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 296

https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 300

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 306

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yg-Btm2geTWNEjXPGDdxGQAAANMAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yg-Btm2geTWNEjXPGDdxGQAAANMAAAAB&dcc=t

Request Chain 308

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=ljuiJqpp1Nl1mn5&gdpr=1

Request Chain 309

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=d89e620f-81b6-4800-98f1-89cc01062d5d&gdpr=1&gdpr_consent=

Request Chain 310

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=D60-QwGubBcU_DpDAf4jQAunORwUr2xACqoU5OeV

Request Chain 311

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
https://um.simpli.fi/no_match_opted_out

Request Chain 315

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yg-Btm2geTWNEjXPGDdxGwAAANMAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yg-Btm2geTWNEjXPGDdxGwAAANMAAAIB&dcc=t

Request Chain 318

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5134455420404798272

Request Chain 321

https://um2.eqads.com/um/cs HTTP 302
https://um2.eqads.com/um/cs&eq_cc=1

Request Chain 331

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 336

https://sync.serverbid.com/ss/2000891.html HTTP 302
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Request Chain 342

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=ljuiJqpp1Nl1mn5

Request Chain 343

https://x.bidswitch.net/sync?ssp=openx HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=openx HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=d4e8f76e-a84d-46fd-9470-9fe19a023459 HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=d4e8f76e-a84d-46fd-9470-9fe19a023459 HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=4b34a6c7-fbab-4492-968f-470d650e9ff7&ssp=openx&expires=30&user_group=5&bsw_param=d4e8f76e-a84d-46fd-9470-9fe19a023459 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072968&val=d4e8f76e-a84d-46fd-9470-9fe19a023459

Request Chain 344

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=1909263020753827595

Request Chain 345

https://match.prod.bidr.io/cookie-sync/ox HTTP 303
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFYk1VN0VId01BQUhZMG1LR0JSZw&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1

Request Chain 349

https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4083493531649227031

Request Chain 351

https://beacon.lynx.cognitivlabs.com/ix.gif HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=da89cb42-7be6-4e21-810d-373f8d3b745a&expiration=1676719416

Request Chain 352

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=D60-QwGubBcU_DpDAf4jQAunORwUr2xACqoU5OeV

Request Chain 353

https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1

Request Chain 358

https://ad.mrtnsvr.com/sync/triplelift HTTP 302
https://eb2.3lift.com/xuidmid=7976&xuid=s3eipnqfM&dongle=u6nf

Request Chain 360

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTQ3ODE0NDY2Mjg3NzYxNDY0NTQ4NQ%3D%3D

Request Chain 362

https://pr-bh.ybp.yahoo.com/sync/triplelift/1478144662877614645485?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-w9IwM0pE2oRpD5uO73SpAHGbfOECf8ShXaQfu29csw--~A&dongle=0883

Request Chain 364

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=1478144662877614645485 HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=1478144662877614645485&dcc=t

Request Chain 366

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

Request Chain 372

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=1909263020753827595

Request Chain 373

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=574b49d7cf97c21c0479308a

Request Chain 374

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1645183416965 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=435633217 HTTP 302
https://sync.1rx.io/usersync/tradedesk/5237a546-8536-4403-b4ff-984b6912ae90 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-0e137beb-11ac-4db2-afe2-840f62072fba-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-0e137beb-11ac-4db2-afe2-840f62072fba-003 HTTP 302
https://ads.servenobid.com/sync?pid=321&uid=RX-0e137beb-11ac-4db2-afe2-840f62072fba-003

Request Chain 376

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=5134455420404798272

Request Chain 378

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=a6e9f0dd-4f14-45d7-87e2-c8ad66c5c361&gdpr=0&gdpr_consent=&us_privacy=1YN-

Request Chain 379

https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
https://ads.servenobid.com/sync?pid=337&uid=y-STBQWuJE2uH2L9J_BiiSONFeGJH4eREv18lrxtc-~A

Request Chain 380

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pTQlEzVFMtTC1ISk81

Request Chain 381

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4913620f-81b6-4700-989d-2aa87d99eb45&expires=28

Request Chain 382

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZSBQ3TS-L-HJO5&sigv=1&esig=2~956c03b2b6ab6faf60a9fa192cbda9b6adb9de0a

Request Chain 384

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=Yg_BsgAAAIGs2QQz

Request Chain 385

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/9RNKdRzhmSIUeWVewpnRhA?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3141890380068579190

Request Chain 386

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OWY3ZDNlMjZmYzQyMDcwZTBkMjY3NzMzOWY4OWVmYjk2OGIzYjNlOA

Request Chain 387

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELQ8L2BiKKEhmkjhL7O3bUE&google_cver=1

Request Chain 389

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1645269817&gdpr=1

Request Chain 390

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1647775417

Request Chain 395

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1 HTTP 302
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=246dbb63-14f5-4810-26af8e97

Request Chain 399

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east

Request Chain 403

https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=1909263020753827595

Request Chain 404

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=Yg.Btm2geTWNEjXPGDdxGQAA%26211

Request Chain 405

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D24%26userId%3D%24UID HTTP 307
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=574b49d7cf97c21c0479308a

Request Chain 407

https://pixel.advertising.com/ups/56621/occ HTTP 302
https://ups.analytics.yahoo.com/ups/56621/occ?apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP359805b7-90ad-11ec-ae57-0654adbd93ae

Request Chain 408

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D HTTP 302
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-f64f7a7c-8db9-47f5-bd76-fa89c84799f0

Request Chain 409

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D HTTP 302
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-f64f7a7c-8db9-47f5-bd76-fa89c84799f0 HTTP 303
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-f64f7a7c-8db9-47f5-bd76-fa89c84799f0&_li_chk=true&previous_uuid=50f6434c7fa54b77990cba94bd9149eb HTTP 303
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-f64f7a7c-8db9-47f5-bd76-fa89c84799f0

Request Chain 410

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://rtb.gumgum.com/usersync?b=apn&i=1909263020753827595

Request Chain 411

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_28da2368-5d0f-4bb6-a3e6-e06424e1efbd&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://bidswitch-eu.splicky.com/cm?bidswitch_ssp_id=gumgum2&bsw_custom_parameter=d4e8f76e-a84d-46fd-9470-9fe19a023459 HTTP 302
https://x.bidswitch.net/sync?dsp_id=311&user_id=&user_group=2&ssp=gumgum2&expires=10&bsw_param=d4e8f76e-a84d-46fd-9470-9fe19a023459 HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=d4e8f76e-a84d-46fd-9470-9fe19a023459

Request Chain 412

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28tG9URrU6QpgKkGeNm3e4OFolnLKEwz_GZFN1sIVJTjTiUoaKgfJQVb2DXEPwAvj5%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28tG9URrU6QpgKkGeNm3e4OFolnLKEwz_GZFN1sIVJTjTiUoaKgfJQVb2DXEPwAvj5%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_28da2368-5d0f-4bb6-a3e6-e06424e1efbd&obuid=ENC(tG9URrU6QpgKkGeNm3e4OFolnLKEwz_GZFN1sIVJTjTiUoaKgfJQVb2DXEPwAvj5) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://creativecdn.com/cm-notify?pi=outbrain HTTP 302
https://sync.outbrain.com/cookie-sync?p=rtbhouse&uid=d0ni14mX7zVrowXRBqJJ&pi=outbrain

Request Chain 413

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=opx&i=b5cc8908-4534-49fb-829d-1dfac4f09197

Request Chain 414

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=sta&i=0-67657e12-2de9-4a1b-40da-fd12ed63c16b$ip$82.199.130.39

Request Chain 415

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=oth&i=y-i27WuJ9E2pfVsstqZLm5K542cJaVvPXYQplN~A

Request Chain 416

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=vnt&i=378bbfa7-90ad-11ec-bbd0-abe8a0c4b996

Request Chain 419

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_28da2368-5d0f-4bb6-a3e6-e06424e1efbd&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://stags.bluekai.com/site/23178?id=xxsjDtX6LtV9ha5UvKgj&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT26DYONVEI5CYGZGHIVRZNBQTKVLWJNTWUJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT26DYONVEI5CYGZGHIVRZNBQTKVLWJNTWUJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=xxsjDtX6LtV9ha5UvKgj&us_privacy=1---

Request Chain 420

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://rtb.gumgum.com/usersync?b=idi&i=fe3ba700-583c-4ee9-9916-91caa5e8f51c

Request Chain 421

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5881651182 HTTP 302
https://sync.1rx.io/usersync/tradedesk/5237a546-8536-4403-b4ff-984b6912ae90 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-0e137beb-11ac-4db2-afe2-840f62072fba-003

Request Chain 422

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://rtb.gumgum.com/usersync?b=pln&i=Yx40W4TasdrK&ev=1&pid=558355

Request Chain 425

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://rtb.gumgum.com/usersync?b=mmh&i=4913620f-81b6-4700-989d-2aa87d99eb45&gdpr=0&gdpr_consent=

Request Chain 426

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=atm&i=Yg_BsgAAAIGs2QQz&gdpr=0&gdpr_consent=

Request Chain 430

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=ttd&i=5237a546-8536-4403-b4ff-984b6912ae90&t=1647775417

Request Chain 431

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 433

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=Yg.BucCo5ssAADv9ebUAAAAA

Request Chain 434

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=d0ni14mX7zVrowXRBqJJ&pi=gumgum&tc=1

Request Chain 438

https://dsp.adfarm1.adition.com/cookie/?ssp=5&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7066008971948259475&gdpr=0&gdpr_consent=

Request Chain 439

https://b1sync.zemanta.com/usersync/smart/?cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D116%26partneruserid%3D__ZUID__&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=116&partneruserid=xxsjDtX6LtV9ha5UvKgj&gdpr=0

Request Chain 440

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=76&partneruserid=GOOGLE_HOSTED_SI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_sc%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=MzAxMzYxOTQxOTA1NzI2MTUxMg==&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEH-tlXcVYL5QJGzucF2aAYI&gdpr=0&gdpr_consent=&google_cver=1

458 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/android-malware-flytrap-facebook/168463/ 94 KB
25 KB 543ms
266ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

8f86626ac89367faab639e291a1d576d01946aae72c561333d0355db2c38cb99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

Server: nginx
Date: Fri, 18 Feb 2022 11:23:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/168463>; rel="alternate"; type="application/json" <https://threatpost.com/?p=168463>; rel=shortlink
X-Frame-Options: SAMEORIGIN
X-Debug-Auth: off
X-Request-Host: threatpost.com
x-cache-hit: HIT
Content-Encoding: gzip

GET
H/1.1 200
OK museosans-900italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
15 KB 535ms
267ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854

Request headers

Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:27 GMT
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: "620e52de-3ca8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 15528

GET
H/1.1 200
OK museosans-900-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 530ms
262ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398

Request headers

Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:27 GMT
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: "620e52de-5124"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20772

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 535ms
268ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:27 GMT
Last-Modified: Thu, 17 Feb 2022 13:51:27 GMT
Server: nginx
ETag: "620e52df-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 15820

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 533ms
265ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:27 GMT
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: "620e52de-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20900

GET
H/1.1 200
OK museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 536ms
268ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:27 GMT
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: "620e52de-5c74"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23668

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 531ms
263ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:27 GMT
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: "620e52de-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20884

GET
H/1.1 200
OK museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 1057ms
263ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:28 GMT
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: "620e52de-5bac"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23468

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 1063ms
263ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:28 GMT
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: "620e52de-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20920

GET
H/1.1 200
OK museosans-100italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 1064ms
262ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c

Request headers

Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:28 GMT
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: "620e52de-5b34"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23348

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
20 KB 1098ms
295ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:28 GMT
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: "620e52de-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20680

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 44 KB
19 KB 189ms
61ms Script
application/javascript 108.157.4.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-43.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b5a539f5fce43c8db39077c775a305cb9d7ec9957bc47163aa99304f4b97cff6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:09:42 GMT
content-encoding: gzip
age: 828
x-cache: Hit from cloudfront
content-length: 18498
x-amz-meta-git_commit: 7b120a5
last-modified: Fri, 18 Feb 2022 10:53:23 GMT
server: AmazonS3
etag: "e391ff0fd02ea015b550faadaa0b5dbf"
x-amz-version-id: wiku2EZMK8I6GY1Ge0ayAWl72rn0z5qI
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: T3iA9WeSo1vJBUzff9VCGg1WI5DaaTHEZY_7_j3s-esYlTakcYE6_A==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 82 KB
28 KB 261ms
63ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dd28e2ba4df409b619643afbbb1c6e8976aa1ddef9904f8570a8cf8b911f05e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27570
x-xss-protection: 0
server: sffe
etag: "1135 / 447 of 1000 / last-modified: 1645139182"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 18 Feb 2022 11:23:29 GMT

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 26 KB
4 KB 185ms
73ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4fddec1cb13ee6848cce386a733d405fff2be9ab4d904f55a1d15c7cc84f410d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 415
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 03 Nov 2021 12:58:13 GMT
server: cloudflare
etag: W/"67a6-5cfe1f68177b1-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=muQkuwGB%2B6KitAehgjV3JbLBmEOTPxbfZVtWTB7tWxB6EZt3%2FsbtsjduyO2lwEvby9NupIy7To8y2RlvtWi2VQ3yx53FqvznaeXz4fwrbb2Qqfw2yda%2Bf1EhNLF7MCv1tnO9uuTd5tNhANQYgCuZuj1T"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6df6e22a1f0f7741-LHR
expires: Fri, 18 Feb 2022 11:17:59 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 310 KB
90 KB 105ms
103ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 166
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 01 Jun 2021 14:47:10 GMT
server: cloudflare
etag: W/"4d957-5c3b56abf6028-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KQQe9EbC7Hiyn1MXN6gnoGJ0Gdj9VaRf6t6f%2FkZMBm4LVVnbnQnyPHOKFqkon2OF2a8VEQuVbLE9G6KnHMOhvmpGTtnZdF88PBc2nAtHUazavOTUP%2BUXwemqDpAvJ9tTCwwjsaw%2BWbRffgCtqAUysHrm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6df6e232d9737741-LHR
expires: Fri, 18 Feb 2022 11:28:20 GMT

GET
H2 200 uspcmp.js Show response
qd.admetricspro.com/js/threatpost/ 148 KB
58 KB 62ms
60ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 166
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 08 Aug 2020 22:40:07 GMT
server: cloudflare
etag: W/"24e50-5ac65673cef1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PQ1qi98q7gUhJZq1ZwhfQDRAX1pmXu4p33Kjf2kJAEvAqoPY3GfaBrBeIdRJvUOIymTenGSPzyexx4VNUeYUXk1JLSfMeiVPiUl2XQzk720L4NRX7riOLSSkFs0g%2BphwaayxFgtmGwVNnXaYsyj7UAmE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6df6e232d9807741-LHR
expires: Fri, 18 Feb 2022 11:28:01 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 393 B
557 B 61ms
59ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 166
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 21:50:12 GMT
server: cloudflare
etag: W/"189-5c8c2c96f96c7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vb0GtXRsCwcKZkOfc158zZBUF3DU6FyABke0BdFGBfFcPk%2BtA%2BPrx1HYGgCRUZlCuv9N0zg5%2FYdn8Co8q%2Ba1Qw%2FL6ojf9F0Rh0YYgYSunktP4ofobbrakgAmcP6lWiySIDyHY0unXrOHE74AQIlfFS%2F8"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6df6e232d9867741-LHR
expires: Fri, 18 Feb 2022 11:28:01 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 430 KB
124 KB 108ms
107ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 166
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 15:35:01 GMT
server: cloudflare
etag: W/"6b738-5ce51d26ef74c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N8giMgx%2B0ik60WechvAUb5xn3pNDU8l4yrDYYm6KrSAYABIIHRwtuKx2HNWKBraBVWquTRC45U3fsTzcK0UEsacqaOgZ%2FjBfZ847TWdnlD0ok4Osax0tWIP5cRLFVkkC%2Fn9cbWd%2B0VOza%2B1pA9O%2Bj8or"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6df6e232d98a7741-LHR
expires: Fri, 18 Feb 2022 11:28:01 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 35 KB
11 KB 208ms
96ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 528
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 24 Jan 2022 02:31:38 GMT
server: cloudflare
etag: W/"8cae-5d64ac49b9c1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dCRIYE8cTMaCADCUjoYoX5jsvZ0%2FZvU2fDTiyI5tcyncZWGhId7SO2QLWxPLVwNmS53pe9AbatXQpcahFEnwFK52KhyZ1uU8yW0dVVGl%2BlSVvHXYBtYg%2FeBDaqRClCs21CvCQYl5wpsCVbCKDcwyK201"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6df6e22a1f107741-LHR
expires: Fri, 18 Feb 2022 11:18:04 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 294 KB
42 KB 581ms
428ms Stylesheet
text/css 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:27 GMT
content-encoding: gzip
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront
content-length: 42696
x-cache-hit: HIT
last-modified: Thu, 17 Feb 2022 13:51:26 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 656be55f933cf25841b96f9c9070a178.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: rYuknrTMBDekeRSMlTPiYTms0Xk9GoYpTLf6iSggwl5SNUul48jHiQ==
expires: Fri, 18 Feb 2022 17:30:15 GMT

GET
H/1.1 200
OK jquery-1.12.4-wp.js Show response
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 95 KB
37 KB 1098ms
296ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: W/"620e52de-17a56"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:28 GMT

GET
H/1.1 200
OK alert_text.js Show response
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 107 B
461 B 939ms
134ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js?ver=1645105886
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: W/"620e52de-6b"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:28 GMT

GET
H/1.1 200
OK alert.js Show response
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 4 KB
2 KB 1366ms
135ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js?ver=1645105886
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: W/"620e52de-104a"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:28 GMT

GET
H/1.1 200
OK public.js Show response
threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/ 116 B
495 B 1465ms
133ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/public.js?ver=1.0.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:28 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Jun 2014 19:20:42 GMT
Server: nginx
ETag: W/"5398ac0a-74"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:28 GMT

GET
H/1.1 200
OK kaspersky-twitter-pullquote.js Show response
threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/ 599 B
713 B 1465ms
133ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: W/"620e52de-257"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:28 GMT

GET
H/1.1 200
OK loadmore.js Show response
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 4 KB
2 KB 1463ms
132ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/loadmore.js?ver=5.8.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: W/"620e52de-11e7"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:28 GMT

GET
H/1.1 200
OK social-share.js Show response
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/ 18 KB
6 KB 1499ms
134ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js?ver=1.0.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:27 GMT
Server: nginx
ETag: W/"620e52df-484d"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H2 200 bad-android-apps.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/08/09115159/ 23 KB
23 KB 389ms
103ms Image
image/jpeg 2600:9000:2204:8e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/08/09115159/bad-android-apps.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:8e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 54cc8fe392a032ef560b174b35be3b13b7666d3c6fa2c040cc69c2a696cfb5f6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 06:17:37 GMT
via: 1.1 b44e2902bb3501d47514e51618f1bda4.cloudfront.net (CloudFront), 1.1 552d1a24616d6b8d6e3fbbdf18a54b6a.cloudfront.net (CloudFront)
last-modified: Mon, 09 Aug 2021 15:52:00 GMT
server: AmazonS3
age: 277553
etag: "914b9bcfeb6385c0e55abee8ee3a3afa"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, AMS50-C1
accept-ranges: bytes
content-length: 23245
x-amz-cf-id: l7M3qSW_T-h1eKc0iPWz_7hchTQTVVBEhuybq6Tm2fWClL59imVt8g==
expires: Tue, 09 Aug 2022 15:51:59 GMT

GET
H/1.1 200
OK scripts.js Show response
kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/ 2 KB
1 KB 508ms
134ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: W/"620e52de-828"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
969 B 181ms
63ms Script
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9cfeab3fd93c5848f2e9bd2a7cef3fb03c911e0fcf85ee4adf2f0d8e5b37ee85

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 556
x-xss-protection: 1; mode=block
expires: Fri, 18 Feb 2022 11:23:29 GMT

GET
H/1.1 200
OK main.js Show response
threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/ 3 KB
1 KB 396ms
134ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js?ver=202124050927
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:25 GMT
Server: nginx
ETag: W/"620e52dd-ab4"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H2 200 s_code_single_suite.js Show response
media.kaspersky.com/tracking/omniture/ 171 KB
48 KB 591ms
253ms Script
application/javascript 77.74.178.23
KL-EXT

General

Check archive.org

Show headers Download Go to

Full URL

https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.8.3

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

77.74.178.23 , Switzerland, ASN200107 (KL-EXT, RU),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

ac63716a755cb58f9930d686c3e7fe419c1e6edbb8a50e4d6c9c4fda57ef6ce6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
etag: "0dd70fad011d81:0"
x-powered-by: Kaspersky Labs, Kaspersky Labs
content-length: 48974
x-xss-protection: 1; mode=block
last-modified: Tue, 25 Jan 2022 09:50:26 GMT
server
x-frame-options: SAMEORIGIN
date: Fri, 18 Feb 2022 11:23:28 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
x-server: msk1/FRA3
accept-ranges: bytes
x-content-type-options: nosniff

GET
H/1.1 200
OK main.js Show response
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 114 KB
40 KB 530ms
267ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/main.js?ver=202107061113
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: W/"620e52de-1c643"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H/1.1 200
OK wp-embed.min.js Show response
threatpost.com/wp-includes/js/ 1 KB
1 KB 398ms
134ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/wp-embed.min.js?ver=5.8.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Jan 2022 19:24:18 GMT
Server: nginx
ETag: W/"61d741e2-592"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H/1.1 200
OK regenerator-runtime.min.js Show response
threatpost.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 400ms
135ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Jan 2022 19:24:18 GMT
Server: nginx
ETag: W/"61d741e2-1906"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H/1.1 200
OK wp-polyfill.min.js Show response
threatpost.com/wp-includes/js/dist/vendor/ 16 KB
7 KB 400ms
135ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Jan 2022 19:24:18 GMT
Server: nginx
ETag: W/"61d741e2-4056"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H/1.1 200
OK dom-ready.min.js Show response
threatpost.com/wp-includes/js/dist/ 1 KB
989 B 398ms
132ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/dom-ready.min.js?ver=71883072590656bf22c74c7b887df3dd
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Jan 2022 19:24:18 GMT
Server: nginx
ETag: W/"61d741e2-4e9"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H/1.1 200
OK hooks.min.js Show response
threatpost.com/wp-includes/js/dist/ 5 KB
2 KB 398ms
134ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/hooks.min.js?ver=a7edae857aab69d69fa10d5aef23a5de
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 04e6fb814fccce3a0aecb83be0bc24665cf3e6a5e993f296471a63708f63e138

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Jan 2022 19:24:18 GMT
Server: nginx
ETag: W/"61d741e2-1540"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H/1.1 200
OK i18n.min.js Show response
threatpost.com/wp-includes/js/dist/ 10 KB
4 KB 398ms
134ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/i18n.min.js?ver=5f1269854226b4dd90450db411a12b79
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: dceda745a0fb58233a95eff6d10796026df6792cb960cdf675eb7b8a6750a2d2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Jan 2022 19:24:18 GMT
Server: nginx
ETag: W/"61d741e2-268a"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H/1.1 200
OK a11y.min.js Show response
threatpost.com/wp-includes/js/dist/ 3 KB
2 KB 398ms
133ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/a11y.min.js?ver=0ac8327cc1c40dcfdf29716affd7ac63
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: edc988f9162131dfa6d20d122013987468254662e7cdbc7565c39a5789edb6ca

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Jan 2022 19:24:18 GMT
Server: nginx
ETag: W/"61d741e2-bc1"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H/1.1 200
OK jquery.json.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 2 KB
1 KB 398ms
134ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: W/"620e52de-730"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 43 KB
15 KB 528ms
264ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: W/"620e52de-abe0"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H/1.1 200
OK conditional_logic.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 8 KB
3 KB 397ms
134ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/conditional_logic.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: W/"620e52de-213f"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:30 GMT

GET
H/1.1 200
OK placeholders.jquery.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 5 KB
2 KB 395ms
132ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: public
Date: Fri, 18 Feb 2022 11:23:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 13:51:25 GMT
Server: nginx
ETag: W/"620e52dd-121f"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 25 Feb 2022 11:23:30 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 218ms
59ms Script
application/javascript 108.156.255.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.255.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-255-177.dus51.r.cloudfront.net
Software: Server /
Resource Hash: 784acd540b5fcfb87c47dfe12e5311084ce692366a2ac196fd5cc8eb28ff4c23

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: GtBleBshAfJx9KFXwg43LDlo50FXi9le
content-encoding: gzip
etag: c1da564f59b83b9805e8df92eca012f5
age: 48
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1EFP056ZK2A4YY4HY08M
date: Fri, 18 Feb 2022 11:22:41 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ZwGXfTDXn-LaGaX4eklkjg9krLWDV2agqjtUgE-tVPmAfKm4HRoaBA==

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/151003/ Frame 2762
Redirect Chain

https://cd.connatix.com/connatix.player.js
https://cds.connatix.com/p/151003/connatix.player.dc.js

965 KB
235 KB

76ms
56ms

Script
application/javascript

151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/151003/connatix.player.dc.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b77a51d96d3c04bffbe48e73edd813c0edde1cf5dd4c69369bef16ea85d2c723

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:28 GMT
content-encoding: br
last-modified: Thu, 17 Feb 2022 14:50:57 GMT
age: 73207
etag: "740feefa86210e7da747c298cda7bee8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 239807

Redirect headers

location: https://cds.connatix.com/p/151003/connatix.player.dc.js
date: Fri, 18 Feb 2022 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
server: Kestrel
accept-ranges: bytes
content-length: 0

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
398 B 398ms
134ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=1172254388&back=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:29 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: HIT
Transfer-Encoding: chunked
X-Debug-Auth: off
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Request-Host: kasperskycontenthub.com
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 180 KB
60 KB 179ms
63ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2daa3e6def3ddccfe12952bab41eb6808d13f0a654e150e055a3ecd57d5f0d1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61172
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 18 Feb 2022 11:23:29 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 502 KB
116 KB 221ms
125ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bbf0f22dc22a14a6f5c34e3831a0a3c50fc831e581193649087ce2e45f597b21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118587
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 18 Feb 2022 11:23:29 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 13 KB
13 KB 526ms
264ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:30 GMT
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: "620e52de-328e"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 12942

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 13 KB
13 KB 527ms
263ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/android-malware-flytrap-facebook/168463/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:30 GMT
Last-Modified: Thu, 17 Feb 2022 13:51:26 GMT
Server: nginx
ETag: "620e52de-328e"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 12942

GET
H2 200 logo.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 436ms
435ms Image
image/png 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public
date: Fri, 18 Feb 2022 11:23:29 GMT
via: 1.1 656be55f933cf25841b96f9c9070a178.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:51:26 GMT
server: nginx
x-amz-cf-pop: DUS51-P2
etag: "620e52de-4a32"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 18994
x-amz-cf-id: 3r0yPS7W3LwTFBELynz3kplKB3OGFVbKgq6e7BlLJpXCAkrkPlkK8w==
expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H2 200 museosans-700-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 626ms
513ms Font
font/woff2 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:51:26 GMT
server: nginx
x-amz-cf-pop: DUS51-P2
etag: "620e52de-51a4"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20900
x-amz-cf-id: nM_bL6JFvLaU7GtDgk9AZV6uBMIsRqE-xUi9ed-3kKPUCuIUPyWRTA==

GET
H2 200 museosans-100-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 598ms
485ms Font
font/woff2 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:51:27 GMT
server: nginx
x-amz-cf-pop: DUS51-P2
etag: "620e52df-50c8"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20680
x-amz-cf-id: O4NLLDXVPrJNGpmLSwbP-hwmeK37s5-v_Mpi8BSEUIqWt8HQ85uBrA==

GET
H2 200 museosans-300-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 612ms
499ms Font
font/woff2 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:51:27 GMT
server: nginx
x-amz-cf-pop: DUS51-P2
etag: "620e52df-51b8"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20920
x-amz-cf-id: BeQvd0zjR-IZBOUI9EJgfvtitsssjrHN9OhLugcWuy9cMooB-7R8sA==

GET
H2 200 museosans-500-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 545ms
432ms Font
font/woff2 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:51:26 GMT
server: nginx
x-amz-cf-pop: DUS51-P2
etag: "620e52de-5194"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20884
x-amz-cf-id: 5iqJ_-PmcVoyaxh63ehDOvAh8a4WcQ5GRIfFA-enK3VCuPRWe4APBQ==

GET
H2 200 Lisa-Vaas-Headshot.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/05/05095532/ 18 KB
19 KB 313ms
60ms Image
image/jpeg 2600:9000:2204:8e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/05/05095532/Lisa-Vaas-Headshot.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:8e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d5a65e5129df0b4c89e73f205c6cb89cba0cd1d8e21a1512ca76b769634052d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 01:12:27 GMT
via: 1.1 1f5757b46371746e677236d4fc67d364.cloudfront.net (CloudFront), 1.1 552d1a24616d6b8d6e3fbbdf18a54b6a.cloudfront.net (CloudFront)
last-modified: Tue, 25 May 2021 13:37:34 GMT
server: AmazonS3
age: 2542263
etag: "78f8fd88850c65941db84cb8bf0d741d"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, AMS50-C1
accept-ranges: bytes
content-length: 18649
x-amz-cf-id: ZLIIvf805Sa4r7t11ISlrSwSUOb5QtKY6yC4_PTXHAHrDj80P1x9uw==
expires: Wed, 25 May 2022 13:37:32 GMT

GET
H2 200 subscribe2.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/ 8 KB
9 KB 314ms
60ms Image
image/jpeg 2600:9000:2204:8e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:8e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 12:59:12 GMT
via: 1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront), 1.1 552d1a24616d6b8d6e3fbbdf18a54b6a.cloudfront.net (CloudFront)
last-modified: Tue, 19 Feb 2019 20:14:58 GMT
server: AmazonS3
age: 10967058
etag: "5ba45563f793f39ef6baf02645651654"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, AMS50-C1
accept-ranges: bytes
content-length: 8281
x-amz-cf-id: POoJ0dyjxCBOB0TlhceYrJkG9mZ4mkTKVeo2TxrBZOGQMfhz7bvSBQ==
expires: Wed, 19 Feb 2020 20:14:57 GMT

GET
H2 200 come-ons.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/08/09113314/ 39 KB
39 KB 66ms
64ms Image
image/jpeg 2600:9000:2204:8e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/08/09113314/come-ons.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:8e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f8d1cad2cb8a75bb0d0cc7cbf0c7d0f229baaec7a2051f25e9e537e95867f0b6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 22:50:35 GMT
via: 1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront), 1.1 552d1a24616d6b8d6e3fbbdf18a54b6a.cloudfront.net (CloudFront)
last-modified: Mon, 09 Aug 2021 15:33:16 GMT
server: AmazonS3
age: 45175
etag: "01e490adbde0fc6cccca1b6eb8ba5e53"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, AMS50-C1
accept-ranges: bytes
content-length: 39949
x-amz-cf-id: _vsyVrwQ3K1FZ8TmFDcrZD-wtEOBz-Db71jhv0woPvK4Hr3tCylAMQ==
expires: Tue, 09 Aug 2022 15:33:14 GMT

GET
H2 200 facebook-hacking-app.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/08/09113318/ 43 KB
43 KB 83ms
82ms Image
image/jpeg 2600:9000:2204:8e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/08/09113318/facebook-hacking-app.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:8e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3f7f1965d582fc469657ef5c1b6b4b03641de6d2b173c9a922889afd99eb8c69

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 22:50:37 GMT
via: 1.1 c6702f5f3b6e77da6f394e67ef1a6aaa.cloudfront.net (CloudFront), 1.1 552d1a24616d6b8d6e3fbbdf18a54b6a.cloudfront.net (CloudFront)
last-modified: Mon, 09 Aug 2021 15:33:20 GMT
server: AmazonS3
age: 45173
etag: "63802ce8e52bba82d94ad4816c9a4b03"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, AMS50-C1
accept-ranges: bytes
content-length: 43872
x-amz-cf-id: eriPSq7Ksouy5pQTfo-bx0dvijdeQk7DiBIHK0L6T9KOwV6rIbN95Q==
expires: Tue, 09 Aug 2022 15:33:18 GMT

GET
H2 200 flytrap-map-e1628523685705.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/08/09114111/ 47 KB
47 KB 111ms
110ms Image
image/jpeg 2600:9000:2204:8e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/08/09114111/flytrap-map-e1628523685705.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:8e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1e5604302ed0aba3f3c3236428f33dea20764365b2b577876d5beb3bf1ed5a38

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 06:17:44 GMT
via: 1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront), 1.1 552d1a24616d6b8d6e3fbbdf18a54b6a.cloudfront.net (CloudFront)
last-modified: Mon, 09 Aug 2021 15:41:27 GMT
server: AmazonS3
age: 277546
etag: "ea006e30db8c6951f4cdd189b5d188c6"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, AMS50-C1
accept-ranges: bytes
content-length: 47682
x-amz-cf-id: C6Tayqetd8pPiUymXple7QofUtRvOmKEILHsjnDGD5ez7XcRef0uiw==
expires: Tue, 09 Aug 2022 15:41:26 GMT

GET
H2 200 mail-plane-light.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
1 KB 333ms
333ms Image
image/svg+xml 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
via: 1.1 656be55f933cf25841b96f9c9070a178.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:51:26 GMT
server: nginx
x-amz-cf-pop: DUS51-P2
etag: "620e52de-33c"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 828
x-amz-cf-id: -n8WBxlVhRFNHdoYtPyGm60WBH3zHuLeDUpBciiwii4ij7mMa_MnRg==

GET
H2 200 twitter-blue.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
1 KB 331ms
331ms Image
image/svg+xml 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
via: 1.1 656be55f933cf25841b96f9c9070a178.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:51:26 GMT
server: nginx
x-amz-cf-pop: DUS51-P2
etag: "620e52de-364"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 868
x-amz-cf-id: 4a0pRTUpkrSr8zIk8EAZNQBEvj-u1OTljQqz9-TSiSBUdJSKb20VPQ==

GET
H2 200 museosans-700italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 511ms
444ms Font
font/woff2 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:51:26 GMT
server: nginx
x-amz-cf-pop: DUS51-P2
etag: "620e52de-3dcc"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 15820
x-amz-cf-id: ZonfkKLJUzke9PaKCUjRBWU7FkF5lS2qFZcpNEspKGhv6Gggpbtyxw==

GET
H2 200 player.css
cds.connatix.com/p/151003/ 55 KB
8 KB 54ms
53ms Stylesheet
text/css 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/151003/player.css
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 9eefc4df7a8039f027e36034251662824c66af32cd42470fb332eb92a5051d91

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: br
last-modified: Thu, 17 Feb 2022 14:50:57 GMT
age: 73207
etag: "95eead34519638743a7af7bc3d43f6e9"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 8437

GET
H2 200 mail-plane-large-dark.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
1 KB 332ms
332ms Image
image/svg+xml 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
via: 1.1 656be55f933cf25841b96f9c9070a178.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:51:26 GMT
server: nginx
x-amz-cf-pop: DUS51-P2
etag: "620e52de-32c"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 812
x-amz-cf-id: SuiH-m83VQli_OfR66g1c6nW_R1NwgGab1ZFvL1J3JUTiECPb8DS2g==

GET
H2 200 logo-white.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 337ms
337ms Image
image/png 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public
date: Fri, 18 Feb 2022 11:23:29 GMT
via: 1.1 656be55f933cf25841b96f9c9070a178.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:51:26 GMT
server: nginx
x-amz-cf-pop: DUS51-P2
etag: "620e52de-260a"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 9738
x-amz-cf-id: Fhpp9ExPmRFf8bMLnCaXh4MU6fYsFhfrz2ovhimfRn_LP1gcIyJk8Q==
expires: Fri, 25 Feb 2022 11:23:29 GMT

GET
H2 200 nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/ 2 KB
3 KB 57ms
56ms Image
image/jpeg 2600:9000:2204:8e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:8e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 21:08:04 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront), 1.1 552d1a24616d6b8d6e3fbbdf18a54b6a.cloudfront.net (CloudFront)
last-modified: Wed, 29 Sep 2021 15:27:43 GMT
server: AmazonS3
age: 742526
etag: "6d0d1a22dbbe088376115135bb5be675"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, AMS50-C1
accept-ranges: bytes
content-length: 2337
x-amz-cf-id: uA6o0dGVzSncM3TDe5LDoOqJEk2-K5H7Twn5aImqUpHveKJAb65hUw==
expires: Thu, 29 Sep 2022 15:27:42 GMT

GET
H2 200 Log4J_shell_thrpst-e1643986376319-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/ 2 KB
3 KB 56ms
55ms Image
image/jpeg 2600:9000:2204:8e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/Log4J_shell_thrpst-e1643986376319-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:8e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 04 Feb 2022 18:59:05 GMT
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront), 1.1 552d1a24616d6b8d6e3fbbdf18a54b6a.cloudfront.net (CloudFront)
last-modified: Fri, 04 Feb 2022 14:52:59 GMT
server: AmazonS3
age: 1182265
etag: "8b8e89e4e306930920312db10e2c0dbf"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, AMS50-C1
accept-ranges: bytes
content-length: 2455
x-amz-cf-id: H7ihcATxd-SJ0JSnclssshZXtjD-p61JUIV8zNQ1WHFPqg9wrBjmug==
expires: Sat, 04 Feb 2023 14:52:57 GMT

GET
H2 200 supply-chain2-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2022/02/02140943/ 2 KB
2 KB 59ms
58ms Image
image/jpeg 2600:9000:2204:8e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/02/02140943/supply-chain2-64x64.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:8e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3dcc69c89f8421a30c4e63cf2c31dfac51d3bd83531a65bb69dd1ab337985187

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 19:24:15 GMT
via: 1.1 6b8ac2d6d64dc42007741d312e2d73aa.cloudfront.net (CloudFront), 1.1 552d1a24616d6b8d6e3fbbdf18a54b6a.cloudfront.net (CloudFront)
last-modified: Wed, 02 Feb 2022 19:09:57 GMT
server: AmazonS3
age: 1353555
etag: "f202038f6e1dcefdb72bc1ccef283edf"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, AMS50-C1
accept-ranges: bytes
content-length: 1848
x-amz-cf-id: XGjltR88SGkUAiakLtiuU-I6SejsofTr1qIjJXRINaI6IAO0uyhdEA==
expires: Thu, 02 Feb 2023 19:09:56 GMT

GET
H2 200 cat-and-mouse-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2022/01/01155844/ 2 KB
2 KB 54ms
53ms Image
image/jpeg 2600:9000:2204:8e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/01/01155844/cat-and-mouse-64x64.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:8e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bf92c33733f79c7bdbbdb4f7124333ad107d19dae52c9192dd6b82fecaae1df3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 20:59:59 GMT
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront), 1.1 552d1a24616d6b8d6e3fbbdf18a54b6a.cloudfront.net (CloudFront)
last-modified: Tue, 01 Feb 2022 20:58:53 GMT
server: AmazonS3
age: 1434211
etag: "a3ad1ff7393793d6755218523750e583"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, AMS50-C1
accept-ranges: bytes
content-length: 1547
x-amz-cf-id: AErYHkI64ZtelBh5Lo23Ivx1QrJXzMEcB2jc17n3Dj-YvxLsUJM6Hg==
expires: Wed, 01 Feb 2023 20:58:52 GMT

GET
H2 200 knight-cyber-defense-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2022/01/26151713/ 2 KB
2 KB 57ms
57ms Image
image/jpeg 2600:9000:2204:8e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/01/26151713/knight-cyber-defense-64x64.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:8e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9e07972576092aeba94d2dbd48c39a726bb83ebd0a367c599ae573c36d987387

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 20:23:54 GMT
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront), 1.1 552d1a24616d6b8d6e3fbbdf18a54b6a.cloudfront.net (CloudFront)
last-modified: Wed, 26 Jan 2022 20:17:26 GMT
server: AmazonS3
age: 1954776
etag: "50a90081ff46248d6df3a1a6d32852a9"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, AMS50-C1
accept-ranges: bytes
content-length: 1757
x-amz-cf-id: 7gbhWyUc18J6S8VP5qUa-kt6jzmdfhvYJO4jGqvg9i5rHQEGeqW7Jg==
expires: Thu, 26 Jan 2023 20:17:25 GMT

POST
H/1.1 200
OK pls Show response
capi.connatix.com/core/ Frame 2762 11 KB
5 KB 573ms
150ms XHR
application/x-protobuf 18.191.54.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=151003
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.54.29 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-54-29.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e0b1b548d94a8015d0a9089f0b23d81dcdafbecb80676b517d3149eefe6b023e

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Fri, 18 Feb 2022 11:23:28 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 5083

GET
H3 200 vendor-list.json Show response
qd.admetricspro.com/js/cmp2/ 256 KB
36 KB 249ms
195ms XHR
application/json 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 31 May 2021 16:54:38 GMT
server: cloudflare
etag: W/"3ffae-5c3a314b5dcb2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Y8rYvbfXEJt6v0BdV6mfVcGW13Ft5aOghcv%2BUlQGgmmSSzh4c%2F84sh5w7x%2F9Wc8Cq%2FUKk9Qne%2FfwTHGb6kb92iirNVH7S8mpreR56V1MuRh18Us%2FImbpcJd7vv6zLGIAE48bAZXRvzH6bnTD4ixnspi"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 6df6e23459c471d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 18 Feb 2022 11:33:29 GMT

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ 73 KB
28 KB 88ms
88ms Script
application/javascript 108.157.4.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-43.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 12061479
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: KhNI3APqYaU_B3QVPtBLNiVHB55FrBcx7cD9NV9wJnm5mWh8OjOBSA==

GET
H2 200 bl-8f58e1d-bb67780e.js Show response
tagan.adlightning.com/math-aids-threatpost/ 63 KB
25 KB 97ms
96ms Script
application/javascript 108.157.4.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-8f58e1d-bb67780e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-43.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 028779a4efd8cea0e6e45d0cf991eda01e8411d4a4720e0b3af92a9e522c0862

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:09:43 GMT
content-encoding: gzip
age: 827
x-cache: Hit from cloudfront
content-length: 25558
x-amz-meta-git_commit: 8f58e1d
last-modified: Fri, 18 Feb 2022 10:52:21 GMT
server: AmazonS3
etag: "ff0bc48f6f0ef9ee2a9f3b217841ba6c"
x-amz-version-id: LpahR3XCvBpx5ra8rddk0bzg3u9nPOOD
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: EUrb-jAHznJ7zUca9uPsz55bpR0UFTCFuR_Y9qx6acKTrjAqadNoNQ==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 662 B
1019 B 52ms
51ms XHR
application/json 108.156.255.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthreatpost.com&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.255.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-255-177.dus51.r.cloudfront.net
Software: Server /
Resource Hash: 6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 08:10:25 GMT
via: 1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
server: Server
age: 11583
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: DUS51-P2
content-length: 662
x-amz-cf-id: Tno26ztIf37j_sH0_GWB4oGwwFSdMSqjJsxDuaHXVKl8NQ7nchB2-w==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 157ms
54ms XHR
application/javascript 108.156.255.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.255.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-255-177.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: eaU6ir6qmGswM2SGRmLi7PKhBcBrRdvn
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 16271
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Fri, 21 Jan 2022 02:54:57 GMT
server: AmazonS3
date: Fri, 18 Feb 2022 06:52:19 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 7dc1e6ca5d933ea10694c61d8475b502.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: _qmuPmLV_E5XNPaX6NrAKF9uKj3CD5W3E98vtGiy7idqZRdr5wR_LA==

GET
H2 200 pubads_impl_2022021602.js Show response
securepubads.g.doubleclick.net/gpt/ 362 KB
122 KB 169ms
54ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021602.js?31064988

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

sffe /

Resource Hash

a034073242b63a4bf8f20744f8cb4b4bb74e17464ecf7da2c2a001b082d5d3e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 04:14:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112121
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124238
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 02:36:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 17 Feb 2023 04:14:48 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 138 B
734 B 186ms
64ms XHR
application/json 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=threatpost.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

4333cdc0f2778c7b75c6aed9e4395bb5ae66fd6877116200b696c6a127a535a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98
x-xss-protection: 0
expires: Fri, 18 Feb 2022 11:23:29 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/BycHQdSIhzR_1EcOLw2mOzYQ/ 354 KB
140 KB 170ms
53ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/BycHQdSIhzR_1EcOLw2mOzYQ/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34ddb17fa5ce3277bc2c28f8baf901a219c50a7808feee12fe23f2a2a69961e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 09:30:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6760
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 142486
x-xss-protection: 0
last-modified: Mon, 07 Feb 2022 05:03:43 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 18 Feb 2023 09:30:49 GMT

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 53 KB
17 KB 189ms
54ms Script
application/javascript 104.89.31.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.31.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-187.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 17:06:57 GMT
server: Apache
etag: "d398-5c3b75e9ebb41-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17087
expires: Fri, 18 Feb 2022 11:38:29 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 38 KB
11 KB 245ms
121ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

60d76e5d3d47c3f67063f6ad8c4c19906031164734d901e60a8842d0a292a1cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 51.254.41.128/25
date: Fri, 18 Feb 2022 11:17:22 GMT
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: rbx1
content-disposition: attachment;filename="id5-api.js"
accept-ranges: bytes
content-length: 10638
x-request-id: 462225586

GET
H2 200 blockedDomains_5.bin Show response
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame 2762 74 B
315 B 184ms
55ms XHR
application/octet-stream 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_5.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: afd5cc9a76644dae1f7c9fd64675c4b970aafeff1601ee5cfa7eb541c9afa955

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
last-modified: Tue, 15 Feb 2022 18:25:23 GMT
age: 233789
etag: "47f07e08b9e6ee0233e933db7301f226"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 79

POST
H/1.1 200
OK sr Show response
capi.connatix.com/tr/ Frame 2762 0
315 B 129ms
128ms XHR
application/x-protobuf 18.191.54.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sr?v=151003
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.54.29 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-54-29.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 82 KB
27 KB 157ms
95ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

sffe /

Resource Hash

eaab7ac52e61000702f11b9c93e0119bc833defca22e21bc39f98d9e405e6a13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27568
x-xss-protection: 0
server: sffe
etag: "1135 / 153 of 1000 / last-modified: 1645139182"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 18 Feb 2022 11:23:30 GMT

GET
H2 200 2_media.bin Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/ Frame 2762 564 B
580 B 181ms
53ms XHR
application/octet-stream 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/2_media.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: da9eff01d8b269dd36dc5ca6bac19dda13d08374c2c5a3de463ba6f09012d7c2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
last-modified: Wed, 17 Feb 2021 09:31:16 GMT
age: 73399
etag: "876e3a2f7fb14e31fbbd3c5b63a06cd2"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 343

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 2762 366 KB
122 KB 187ms
65ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65d70424eb7b0fe1d3fefe328ee059a245e27b6c3529f3e06d55e5cdb6c0e6b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124137
x-xss-protection: 0
expires: Fri, 18 Feb 2022 11:23:30 GMT

GET
H2 200 1.png
img.connatix.com/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 6 KB
7 KB 68ms
54ms Image
image/png 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: br
age: 1227608
etag: "CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age: 86400
fastly-io-info: ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/png
content-length: 6487

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 368 B
1 KB 290ms
58ms XHR
application/json 34.249.135.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1645183411820

Requested by

Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.8.3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.249.135.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-249-135-188.eu-west-1.compute.amazonaws.com

Software

Resource Hash

682dbab9b4fd239f3ea86adf3a719d2c12d1e91b3177e2b29a46011421bbcb32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v028-091a3d7f6.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: dFH25yXlRu4=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 311
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
941 B 148ms
56ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 393115
x-amz-request-id: tx8a9eacc7b532418f8d353-00620977f5
x-amz-id-2: tx8a9eacc7b532418f8d353-00620977f5
last-modified: Sun, 13 Feb 2022 21:27:35 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=59H8MS%2FyL2MS09fVrsi3AooTiEqUeJICIaMMaTRlwwPcwk9oFzn3RxaGd6HtRm%2FMPGC9FtlsaK8sB6lTtGup0i05VF83Q6pPx%2BGe4K92lMY4bCg9BTO3OnRK4eEhSMj1QomLsLwkX%2Bk1nenV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1644787655409471
cf-ray: 6df6e2397c01770e-LHR

POST
H/1.1 200 724.json Show response
id5-sync.com/g/v2/ 213 B
532 B 303ms
62ms XHR
application/json 141.95.3.10
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/724.json

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.95.3.10 , France, ASN16276 (OVH, FR),

Reverse DNS

p31.id5-sync.com

Software

Resource Hash

cf161bca2c3145fc59078afbd1cd4ebc269a74ed8c84ab5fbe4507ead463570b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Date: Fri, 18 Feb 2022 11:23:29 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
532 B 87ms
87ms XHR
text/javascript 108.156.255.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&pid=FEIuJx6RvqmwN&cb=0&ws=1600x1200&v=7.73.0&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-6794670-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-3%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-5%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-1%22%2C%22s%22%3A%5B%222x2%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-2x2-Skin%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.156.255.177 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-156-255-177.dus51.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
via: 1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: DUS51-P2
x-amz-rid: XDW9TRD1WSGW8F47Z93G
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: Ujd9yCZYav71Ow-2I8uPm3YPYSrd8M7ePfEQZlhzxgga0Vjtf3WtuQ==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 171ms
53ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6517
date: Fri, 18 Feb 2022 09:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 18 Feb 2022 11:34:53 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 187ms
61ms Script
application/javascript 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b236dccee1a0d5280842bdff52b4005e2b0c9ee5d74a15db3e939c53306576d3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
etag: "yoD6mq4JTyPdtDBolW+GUg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Fri, 25 Feb 2022 11:23:30 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 183ms
53ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
last-modified: Sat, 05 Feb 2022 00:44:37 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kcgs7200051-IAD, cache-fra19152-FRA

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 415 KB
107 KB 127ms
64ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f417395bfa081a6a430827301cffda77f939f95be5f69ac1e58e04080f7684a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109814
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 18 Feb 2022 11:23:30 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
741 B 220ms
87ms XHR
application/json 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.17.0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 9a4ca833d7091b5cd12c2d96cc42db6bc8697137bdae501ec97d209b2cab28bc

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 18 Feb 2022 11:23:30 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

POST
H2 200 adreq Show response
ads.servenobid.com/ 548 B
597 B 192ms
68ms XHR
application/json 34.253.111.207
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=3155
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 45dbe6ed06e67c681b9030a9a31ae3adfe8eb0b908b560275176c0385a21a1b5

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
204 B 603ms
350ms XHR
text/plain 147.75.38.124
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Fri, 18 Feb 2022 11:23:30 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 227
vary: origin, Accept-Encoding

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 365 B
1 KB 394ms
263ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

cfe17dac729d86766edbf39989aa71d80b5785df98fd78260d731126ced90867

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:30 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 551dfeb8-2844-401a-a324-9458c8d70463
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 365
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
113 B 190ms
60ms XHR
text/plain 52.29.1.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.1.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-1-115.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Fri, 18 Feb 2022 11:23:30 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
112 B 191ms
61ms XHR
text/plain 52.29.1.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.1.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-1-115.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Fri, 18 Feb 2022 11:23:30 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
112 B 192ms
62ms XHR
text/plain 52.29.1.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.1.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-1-115.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Fri, 18 Feb 2022 11:23:30 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 200 v2 Show response
e.serverbid.com/api/ 711 B
984 B 360ms
127ms XHR
application/json 178.128.135.80
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.128.135.80 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Fri, 18 Feb 2022 11:23:30 GMT
access-control-allow-credentials: true
content-length: 711
vary: Origin
content-type: application/json

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 579 B
1 KB 335ms
155ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=34334885-68c1-4015-84aa-02018f69ed94&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5721376576195318
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 63994fd10900d2ffe18742b1effd509a48f610f086c4676bb974256c1aca256f

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:30 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 579
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 577 B
1 KB 305ms
123ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=e2810136-652a-41d4-b90c-0c90ec9495a2&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.03671381738864277
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: ed3a21237e42a2314bb0acd2fea8c013d634d7f55bfdba4867776b88bce4da4a

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:30 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 577
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 577 B
1 KB 355ms
160ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=56124221-10dd-490c-9c28-a2be9a935c10&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8714176733137271
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 3fbd12ca4b018ce72483eb536b1bb4f8cd60375d0615ceca59aeab7733660557

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:30 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 577
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 577 B
1 KB 366ms
168ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=56124221-10dd-490c-9c28-a2be9a935c10&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.018436053206610126
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 36cb220dfd5dd69df08aa26e8b90a191e9129581fb2f2794a9c6b491f18097da

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:30 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 577
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ 99 B
573 B 170ms
66ms XHR
application/json 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80ec9a168d8a9b22d56319fe00eb3751f41c3e30ae7e7aa8517d725f9d8bb648

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

cf-ray: 6df6e23a5b897753-LHR
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
expires: 0
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
x-err: Validating the Prebid Request adunits. Sampled or No valid non-debug AdUnits

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
115 B 1124ms
267ms XHR
text/plain 204.237.133.116
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Fri, 18 Feb 2022 11:23:31 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216477/0/ 0
170 B 195ms
64ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216477/0/mvo?z=1r&hbv=5.17,2.1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H2 200 arj Show response
teachingaids-d.openx.net/w/1.0/ 174 B
590 B 439ms
303ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=34334885-68c1-4015-84aa-02018f69ed94%2C34334885-68c1-4015-84aa-02018f69ed94%2Ce2810136-652a-41d4-b90c-0c90ec9495a2%2C56124221-10dd-490c-9c28-a2be9a935c10%2C56124221-10dd-490c-9c28-a2be9a935c10&nocache=1645183412014&gdpr=0&x_gdpr_f=1&pubcid=ab0f69c7-b061-4048-8185-9e7505534c12&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divids=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&aucs=%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: b2be504ec244c4ed1e10f612915e61df53588b37c019eaba4b61b39902b20d87

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 350ms
232ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

33d3d10db1f802de01a8c723eccd47d30168dc35dc2c2f83df435f7fd02515ac

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 18 Feb 2022 11:23:30 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 19d0b398-72ab-43ba-9611-9dab7ff6e5ee
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 289ms
141ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_728x90-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 4c2b689d8c9ab22ad93bcac186be8995ed48b2c44843b3dacd8122c7ff58f70a

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 321ms
172ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x250-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 01cbde0b7af9d24846e432af7a367d43542f5907c9fbd633c4abc7b2abc6b6f9

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
291 B 278ms
130ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x600-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: cb622a397487e9ad48b8c2510c760b7d397bc1ad32ea789a67cc0553a37ff5ee

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
330 B 433ms
203ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=438654&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22595526bb3516702%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F%22%2C%22ref%22%3A%22https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F%22%2C%22domain%22%3A%22threatpost.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22threatpost.com%22%7D%2C%22keywords%22%3A%22Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A4%2C%22msi%22%3A4%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%225.17.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2260d9f6c88d634b1%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2261fb3f08efde7a1%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22336x280%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%226260942684bbef7%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 34a08f0a216666bb9324df858aa864002949be3947ac98eac0178ba5cb456624

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
x-ak-initial-geo: CC:[GB], RC:[EN], CN:[EU], CIP:[82.199.130.39], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 27
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 27
expires: Fri, 18 Feb 2022 11:23:30 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 2 KB
2 KB 295ms
174ms XHR
application/json 18.157.232.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=5.17.0&referrer=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&tmax=1200&gdpr=false

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.157.232.7 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-157-232-7.eu-central-1.compute.amazonaws.com

Software

Resource Hash

4617037532b91c9cd3964a0034cf78db1227aa55418843428218d5520542f468

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1373
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
532 B 88ms
87ms XHR
text/javascript 108.156.255.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&pid=FEIuJx6RvqmwN&cb=1&ws=1600x1200&v=7.73.0&t=2000&slots=%5B%7B%22id%22%3A%22Amazon_400x225%22%2C%22mt%22%3A%22v%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.156.255.177 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-156-255-177.dus51.r.cloudfront.net

Software

Server /

Resource Hash

8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
via: 1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: DUS51-P2
x-amz-rid: 0N6G6JAC6F84D3D7HXW0
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: 0WkzAMer3SdrT7MT-F5LIuMuZJRbqjzgE57zx09Vl5gKrwPdA9Hm-g==

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ Frame 2762 1 KB
1019 B 968ms
455ms XHR
application/x-protobuf 18.191.54.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=151003
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.54.29 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-54-29.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 3ce7a0096e3d516c753805cd71be3c8fb9b71e412e88436f1711aeaf1ee09a52

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Fri, 18 Feb 2022 11:23:29 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 723

GET
H2 200 1_th.jpg
img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/ 7 KB
7 KB 55ms
55ms Image
image/jpeg 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 09f665e99087637ce66b927fa72f6035c3014a1e72fec17af988ecebd27424da

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: br
age: 84125
etag: "ctiTUtlV8Ghe3g//PyeG/TrGRnLMR4uHfaLnpnMftEI"
access-control-max-age: 86400
fastly-io-info: ifsz=77958 idim=2560x1440 ifmt=jpeg ofsz=7594 odim=400x225 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 7138

GET
H2 200 prebid6.7.0.js Show response
cds.connatix.com/p/plugins/ Frame 68C5 425 KB
113 KB 54ms
54ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 75d00d9deffe5417131ea0a704064a1e7abdfbf4a3f9bd0199db30e2b583b378

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: br
last-modified: Wed, 26 Jan 2022 11:17:31 GMT
age: 1558396
etag: "c001df525a7f6bc2df186d22f1e462bc"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 115369

POST
H/1.1 200 724.json Show response
id5-sync.com/g/v2/ 212 B
531 B 165ms
64ms XHR
application/json 141.95.3.10
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/724.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.95.3.10 , France, ASN16276 (OVH, FR),

Reverse DNS

p31.id5-sync.com

Software

Resource Hash

36ad3fdc65f000a564433c6f57cb1ed99c93e3ba1c9868e3a6b157cb9ba12015

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Date: Fri, 18 Feb 2022 11:23:29 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 200 adagio.js Show response
script.4dex.io/ 72 KB
23 KB 158ms
66ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 394286
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: txe2d306b16026488c9cd06-0062097974
x-amz-id-2: txe2d306b16026488c9cd06-0062097974
last-modified: Sun, 13 Feb 2022 21:27:34 GMT
server: cloudflare
etag: W/"30fd6d2dd89cb7d26d6396caca2f6c6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MnGIBDHagcBgituQ74uAH8QipKydydveaoFntYeIXWY5eaIQI2WAIg%2Ba8PZSaJwt2Yu11xZWAwmPbHegsI%2F1H4UMsUZg3ASop6k5uCxMdRYKAT9a%2B9EsfKhtbfFkKylk86UwjHXnq0F4GJHC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1644787654356307
cf-ray: 6df6e23adb4b719c-LHR
access-control-allow-headers: Authorization

GET
H2 200 playlist.m3u8 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/6a7ad34f-0b4a-4b3d-a65d-c0631672856c_/ Frame 2762 309 B
271 B 54ms
53ms XHR
application/x-mpegurl 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/6a7ad34f-0b4a-4b3d-a65d-c0631672856c_/playlist.m3u8
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
last-modified: Wed, 17 Feb 2021 09:31:15 GMT
age: 84103
etag: "8a966507b13615ecdc1330a4bc9dcfe1"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 164

GET
H2 200 flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
562 B 423ms
422ms Image
image/svg+xml 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
via: 1.1 656be55f933cf25841b96f9c9070a178.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:51:26 GMT
server: nginx
x-amz-cf-pop: DUS51-P2
etag: "620e52de-ec"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 236
x-amz-cf-id: NJigNythJv1sYK-dvxg3GQAOymEscxlwxK0c0pn1ixVyqVnOscQN5Q==

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 430ms
430ms Font
font/woff2 2600:9000:2315:3a00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3a00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=4a0d7867
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 13:51:26 GMT
server: nginx
x-amz-cf-pop: DUS51-P2
etag: "620e52de-12d68"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 77160
x-amz-cf-id: cpqSsYRrex4Ov-fcH_rLtquZKDGLfnRUAvak_9j723kt-QVFBvGGlw==

GET
H/1.1 200
OK v1 Show response
geo.ipify.org/api/ 359 B
585 B 701ms
311ms XHR
application/json 64.140.160.2
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL

https://geo.ipify.org/api/v1?apiKey=at_riPAQYz3EiQ6JhsH05bmtozma13RA

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

64.140.160.2 Ogden, United States, ASN18450 (WEBNX, US),

Reverse DNS

threatintelligenceplatform.com

Software

nginx /

Resource Hash

028d72fa8235aee5441587e7caeabfe643e910177332b5c1dc4017df6c38d899

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:30 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: nginx
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK dest5.html Show response
kaspersky.demdex.net/ Frame 9EB9 7 KB
3 KB 249ms
56ms Document
text/html 34.249.135.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kaspersky.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.249.135.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-249-135-188.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Fri, 18 Feb 2022 11:23:30 GMT
DCS: dcs-prod-irl1-1-v028-01aae059a.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Mon, 14 Feb 2022 15:44:39 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: koh6Ix52Rtw=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
kaspersky.d3.sc.omtrdc.net/ 2 B
314 B 187ms
57ms XHR
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=03632348524271944892590416654143285768&ts=1645183412172

Requested by

Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.8.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-cdfbd77b-6sfds
vary: Origin
x-c: main-1585.I7afc85.M0-540
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Yg_BsgAAAIGs2QQz
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=08153247148641684833290415637164377170
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yg_BsgAAAIGs2QQz

42 B
945 B

62ms
62ms

Image
image/gif

34.249.135.188
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yg_BsgAAAIGs2QQz

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

HTTP/1.1

Server

34.249.135.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-249-135-188.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v028-06a3e8a5c.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: a1JtlgQ3SKg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yg_BsgAAAIGs2QQz
Date: Fri, 18 Feb 2022 11:23:30 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 0.m3u8 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/6a7ad34f-0b4a-4b3d-a65d-c0631672856c_/ Frame 2762 664 B
360 B 74ms
72ms XHR
application/x-mpegurl 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/6a7ad34f-0b4a-4b3d-a65d-c0631672856c_/0.m3u8
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8a4e9deb8631be1ea8979f663a384020292660091154296740b96b3e4b049ef9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
last-modified: Wed, 17 Feb 2021 09:31:14 GMT
age: 84102
etag: "15538fb3730b8fea7209ead7792a4173"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 269

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 124ms
61ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1196432768&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&ul=en-us&de=UTF-8&dt=Android%20Malware%20%E2%80%98FlyTrap%E2%80%99%20Hijacks%20Facebook%20Accounts%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1034750855&gjid=51654644&cid=810955728.1645183412&tid=UA-35676203-21&_gid=931004234.1645183412&_r=1&gtm=2wg2g0PM29HLF&z=2115784433

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 112ms
54ms Image
image/gif 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=1196432768&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&ul=en-us&de=UTF-8&dt=Android%20Malware%20%E2%80%98FlyTrap%E2%80%99%20Hijacks%20Facebook%20Accounts%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=810955728.1645183412&tid=UA-35676203-21&_gid=931004234.1645183412&gtm=2wg2g0PM29HLF&z=1885342002

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 00:25:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 39474
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.501.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 9246 588 KB
191 KB 142ms
79ms Document
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.501.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdcb43edde19e9c27b72b5cd1cd912e10e313b7fff62fc4cd609c48ba3b4ef23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 195594
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Feb 2022 03:54:54 GMT
expires: Thu, 16 Feb 2023 03:54:54 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 16 Feb 2022 03:50:02 GMT
content-type: text/html
age: 199716
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 2762 44 KB
17 KB 191ms
69ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Feb 2022 11:23:30 GMT

GET
H3 200 bridge3.501.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame D023 588 KB
191 KB 92ms
58ms Document
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.501.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdcb43edde19e9c27b72b5cd1cd912e10e313b7fff62fc4cd609c48ba3b4ef23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 195594
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Feb 2022 03:54:54 GMT
expires: Thu, 16 Feb 2023 03:54:54 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 16 Feb 2022 03:50:02 GMT
content-type: text/html
age: 199716
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 bridge3.501.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 1391 588 KB
191 KB 73ms
55ms Document
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.501.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdcb43edde19e9c27b72b5cd1cd912e10e313b7fff62fc4cd609c48ba3b4ef23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 195594
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Feb 2022 03:54:54 GMT
expires: Thu, 16 Feb 2023 03:54:54 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 16 Feb 2022 03:50:02 GMT
content-type: text/html
age: 199716
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 2 B
352 B 175ms
57ms Script
application/javascript 2600:9000:2315:be00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:be00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:18:15 GMT
via: 1.1 672ccfdef8d96b8bfc26646386cb4488.cloudfront.net (CloudFront)
server: AmazonS3
age: 315
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: DUS51-P2
content-length: 2
x-amz-cf-id: 4a1eai8PCkUjYietwY69tfeBE1fBCbetVJdpUomwKg0C1x8z1Kwt_w==

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/6a7ad34f-0b4a-4b3d-a65d-c0631672856c_/ Frame 2762 1 KB
1 KB 54ms
54ms XHR
video/mp4 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/6a7ad34f-0b4a-4b3d-a65d-c0631672856c_/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 936077d9065d9288f1173f7ee01b38e296ee7e73ec36f014d0ee536c6334d568

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Range: bytes=0-1361

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
last-modified: Wed, 17 Feb 2021 09:31:14 GMT
age: 84103
etag: "9b4bd981758ebb758de186da8db48106"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 0-1361/5937558
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 1362

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame 68C5 106 B
299 B 77ms
77ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=e612a6ad-3452-4625-99d8-d534d488f220&nocache=1645183412391&gdpr=0&pubcid=915d1221-c4a6-4e5a-bf30-c5ff6887a32c&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882778&vwd=400&vht=225&aumfs=250
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
via: 1.1 google
server: OXGW/17.1.0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/233148/0/ Frame 68C5 0
170 B 72ms
72ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/233148/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame 68C5 106 B
296 B 113ms
113ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=c870c494-2416-4686-a8ad-dfdc7a81d784&nocache=1645183412398&gdpr=0&pubcid=915d1221-c4a6-4e5a-bf30-c5ff6887a32c&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882779&vwd=400&vht=225&aumfs=250
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
via: 1.1 google
server: OXGW/17.1.0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 68C5 0
215 B 490ms
275ms XHR
application/json 18.192.29.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.29.118 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-29-118.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216475/0/ Frame 68C5 0
170 B 81ms
80ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216475/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 68C5 37 B
330 B 89ms
88ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=435870&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%22115a406508e0d4e%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2212d8976b9445d14%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%2C%22rid%22%3A%22e1a2e0c2-3482-43b3-8411-2b63a494060a%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22915d1221-c4a6-4e5a-bf30-c5ff6887a32c%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 60c82cc49189d9e954bbe81489de19e7709945e1e39dba368b7dda3c65f8157d

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
x-ak-initial-geo: CC:[GB], RC:[EN], CN:[EU], CIP:[82.199.130.39], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 27
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 27
expires: Fri, 18 Feb 2022 11:23:30 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/233098/0/ Frame 68C5 0
170 B 70ms
70ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/233098/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 68C5 139 B
972 B 89ms
89ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

105c4847c1ee303eb1bc8a23772f3dac937de5640893b05064fa11ef32a5d4d0

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:30 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: fa331e99-ffef-4035-9fba-715d775e7e70
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 68C5 0
59 B 728ms
273ms XHR
text/plain 204.237.133.116
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Fri, 18 Feb 2022 11:23:30 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 68C5 139 B
972 B 190ms
189ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

ffc2331ab7409258033256434bd0b89a133c98edd6a5da42b6c2d318743792de

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:30 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 3820f3f0-2eba-4e8a-b69c-591623109981
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 68C5 37 B
330 B 104ms
104ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=435871&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%222199ad2684be65f%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22227de9e920a04e5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%2C%22rid%22%3A%22e1a2e0c2-3482-43b3-8411-2b63a494060a%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22915d1221-c4a6-4e5a-bf30-c5ff6887a32c%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5e1131c4691e17e8091087441f3c3628221f88fad26e9afbf2eaec92bcab90f3

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
x-ak-initial-geo: CC:[GB], RC:[EN], CN:[EU], CIP:[82.199.130.39], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 27
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 27
expires: Fri, 18 Feb 2022 11:23:30 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame 68C5 0
346 B 137ms
137ms XHR
text/plain 147.75.38.124
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Fri, 18 Feb 2022 11:23:30 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 14
vary: origin, Accept-Encoding

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 68C5 0
59 B 837ms
390ms XHR
text/plain 204.237.133.116
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Fri, 18 Feb 2022 11:23:31 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216476/0/ Frame 68C5 0
170 B 67ms
67ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216476/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
458 B 302ms
151ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=2c37b485-c700-4946-9cec-88b75d49206d&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time: 105
date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
server: tsa_f
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 30413a3111a89e711abeb384fc1d09b074d6a6277f54fac45d33be61828c0bef
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
336 B 248ms
147ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=2c37b485-c700-4946-9cec-88b75d49206d&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time: 103
date: Fri, 18 Feb 2022 11:23:30 GMT
server: tsa_f
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: ab826e23471b5082bfc94fd8628818ab7a0011ab4fe23817453f85c247ffe7c4
content-length: 43

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 169ms
55ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35676203-21&cid=810955728.1645183412&jid=1034750855&gjid=51654644&_gid=931004234.1645183412&_u=YEBAAEAAAAAAAC~&z=2097822342

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 18 Feb 2022 11:23:30 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame E92A 37 KB
13 KB 172ms
55ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 10:51:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 18 Feb 2022 11:51:15 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 27B9 37 KB
13 KB 220ms
111ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 10:51:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 18 Feb 2022 11:51:15 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 01CD 37 KB
13 KB 129ms
68ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 10:51:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 18 Feb 2022 11:51:15 GMT

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/6a7ad34f-0b4a-4b3d-a65d-c0631672856c_/ Frame 2762 654 KB
654 KB 54ms
54ms XHR
video/mp4 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/6a7ad34f-0b4a-4b3d-a65d-c0631672856c_/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 652931d254f2c9179dc76bf35e289f397d9be597683abb1c2bd7e3afc81d3802

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Range: bytes=1362-670640

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
last-modified: Wed, 17 Feb 2021 09:31:14 GMT
age: 84103
etag: "9b4bd981758ebb758de186da8db48106"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 1362-670640/5937558
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 669279

GET
H2 200 pixel;r=1110520026;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F;uht=2;fpan=1;fpa=P0-865686960-1645183412607;pbc=915d1221-c4a6-4e...
pixel.quantserve.com/ 35 B
371 B 63ms
62ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1110520026;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F;uht=2;fpan=1;fpa=P0-865686960-1645183412607;pbc=915d1221-c4a6-4e5a-bf30-c5ff6887a32c;ns=0;ce=1;qjs=1;qv=b4915a16-20220201183321;cm=;gdpr=0;us_privacy=1---;ref=;d=threatpost.com;je=0;sr=1600x1200x24;dst=0;et=1645183412607;tzo=0;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2021%2F08%2F09115159%2Fbad-a%2Ctype.article%2Ctitle.Android%20Malware%20%E2%80%98FlyTrap%E2%80%99%20Hijacks%20Facebook%20Accounts%2Cdescription.Coupon%20codes%20for%20Netlifx%20or%20Google%20AdWords%3F%20Voting%20for%20the%20best%20football%20team%3F%20B%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fandroid-malware-flytrap-facebook%2F168463%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 242ms
176ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=810955728.1645183412&jid=1034750855&_u=YEBAAEAAAAAAAC~&z=1836364070

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 187ms
71ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=810955728.1645183412&jid=1034750855&_u=YEBAAEAAAAAAAC~&z=1836364070

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 62ms
61ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1196432768&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&dp=%2Fandroid-malware-flytrap-facebook%2F168463%2F&ul=en-us&de=UTF-8&dt=Android%20Malware%20%E2%80%98FlyTrap%E2%80%99%20Hijacks%20Facebook%20Accounts%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=1007150337&gjid=1166364397&cid=810955728.1645183412&uid=03632348524271944892590416654143285768&tid=UA-63997723-2&_gid=931004234.1645183412&_r=1&gtm=2wg2g0WZ7LJ3&cd14=no_locale&cd15=03632348524271944892590416654143285768&cd53=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F98.0.4758.80%20Safari%2F537.36&cd16=810955728.1645183412&z=1778579633

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6518
date: Fri, 18 Feb 2022 09:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 18 Feb 2022 11:34:53 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1006 B
792 B 230ms
56ms Script
application/x-javascript 2a02:26f0:fb::5f65:58e0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:fb::5f65:58e0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 0055b9d0429e9c194b4aa6b5f49cbc2ec31a7220ee7c8c186a9ee951feabd482

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:31 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 18:48:07 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=26682
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 479

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 62ms
62ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9582686

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee5a08bd131cbf0d71690591146c68b28eb4ec0c71393aceb61cb0d6c86b5eca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:31 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37054
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 18 Feb 2022 11:23:31 GMT

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/6a7ad34f-0b4a-4b3d-a65d-c0631672856c_/ Frame 2762 591 KB
591 KB 56ms
56ms XHR
video/mp4 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/6a7ad34f-0b4a-4b3d-a65d-c0631672856c_/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: fbcaa1021864cc0e13abab66c1fffe408dad6b29ecec54e44c16a87eb787691d

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Range: bytes=670641-1275591

Response headers

date: Fri, 18 Feb 2022 11:23:31 GMT
last-modified: Wed, 17 Feb 2021 09:31:14 GMT
age: 84103
etag: "9b4bd981758ebb758de186da8db48106"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 670641-1275591/5937558
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 604951

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 113ms
58ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-63997723-2&cid=810955728.1645183412&jid=1007150337&uid=03632348524271944892590416654143285768&gjid=1166364397&_gid=931004234.1645183412&_u=aEDAAEABAAAAAC~&z=1273695588

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 18 Feb 2022 11:23:31 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 173 KB
63 KB 72ms
72ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

920de30611ab77e0d3da21e06a9f1c9b41f80d1bae5eb736a627fda70e133918

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:31 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64852
x-xss-protection: 0
expires: Fri, 18 Feb 2022 11:23:31 GMT

POST
H/1.1 200
OK mq Show response
capi.connatix.com/tr/ Frame 2762 0
315 B 129ms
128ms XHR
application/x-protobuf 18.191.54.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/mq?v=151003
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.54.29 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-54-29.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK ps Show response
capi.connatix.com/tr/ Frame 2762 0
315 B 257ms
128ms XHR
application/x-protobuf 18.191.54.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ps?v=151003
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.54.29 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-54-29.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ Frame 2762 0
315 B 129ms
129ms XHR
application/x-protobuf 18.191.54.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=151003
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.54.29 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-54-29.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Fri, 18 Feb 2022 11:23:30 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 66ms
65ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=810955728.1645183412&jid=1007150337&_u=aEDAAEABAAAAAC~&z=1834470598

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 130ms
67ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=810955728.1645183412&jid=1007150337&_u=aEDAAEABAAAAAC~&z=1834470598

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

activityi;dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-... Show response
9582686.fls.doubleclick.net/ Frame B85F
Redirect Chain

https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malwar...
https://9582686.fls.doubleclick.net/activityi;dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=t...

724 B
520 B

127ms
66ms

Document
text/html

142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9582686.fls.doubleclick.net/activityi;dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-facebook%2F168463%2F;u6=;u7=03632348524271944892590416654143285768-810955728.1645183412;u9=_android-malware-flytrap-facebook_168463_;~oref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

791d0c0be3734eea808347aac97f11bc4578adf6f2cc1d6e96704f97410a0350

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Feb 2022 11:23:31 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 495
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Feb 2022 11:23:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://9582686.fls.doubleclick.net/activityi;dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-facebook%2F168463%2F;u6=;u7=03632348524271944892590416654143285768-810955728.1645183412;u9=_android-malware-flytrap-facebook_168463_;~oref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 186ms
63ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 18 Feb 2022 11:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 179ms
63ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 18 Feb 2022 11:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 286 KB
71 KB 615ms
615ms XHR
text/plain 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3166335603429057&correlator=640327994104716&output=ldjh&impl=fifs&eid=31064988%2C31064868&vrg=2022021602&ptt=17&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&sc=1&sfv=1-0-38&ecs=20220218&iu_parts=22404337467%3A21707124336%2Cthreatpost-970x250-ATF%2Cthreatpost-300x250-ATF%2Cthreatpost-300x600-ATF%2Cthreatpost-2x2-Skin%2Cthreatpost-AdX-Interstitial&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2%2C1x1&ists=1&fas=0%2C0%2C0%2C0%2C8&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7C&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fandroid-malware-flytrap-facebook%252F168463%252F%26urlquery%3Dgoogfc%26contentid%3D168463%26category%3Dfacebook%26contenttags%3D&cookie_enabled=1&bc=31&abxe=1&dt=1645183413159&lmt=1645183413&dlt=1645183409384&idt=2488&frm=20&biw=1600&bih=1200&oid=2&adxs=436%2C1082%2C1082%2C0%2C-9&adys=8%2C166%2C1185%2C8%2C-9&adks=4166723991%2C1414505084%2C1356251026%2C3771495681%2C2643643476&ucis=1%7C2%7C3%7C4%7C5&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&vis=1&scr_x=0&scr_y=0&psz=728x0%7C300x0%7C300x0%7C1600x0%7C0x-1&msz=728x0%7C300x0%7C300x0%7C1600x0%7C0x-1&ga_vid=810955728.1645183412&ga_sid=1645183413&ga_hid=1196432768&ga_fc=true&fws=0%2C0%2C0%2C0%2C2&ohw=0%2C0%2C0%2C0%2C0&btvi=0%7C0%7C0%7C0%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021602.js?31064988

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

d03ffe1a8b8c09f53f2c29965b9a2101ef73f481a449f9bf7992d49368955a8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72357
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-2,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-2,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
10 KB 130ms
68ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022021602&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021602.js?31064988

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dfa305bee09222800ad4e865449d0443a8f8fcdda03a539e34f39a11c97073b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 18 Feb 2022 11:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9937
x-xss-protection: 0

GET
H2 200 container.html Show response
fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8D00 6 KB
4 KB 223ms
62ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021602.js?31064988

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 18 Feb 2022 11:23:31 GMT
expires: Sat, 18 Feb 2023 11:23:31 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_page_level_ads_2022021602.js Show response
securepubads.g.doubleclick.net/gpt/ 36 KB
13 KB 55ms
54ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022021602.js?cb=31064988

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021602.js?31064988

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

sffe /

Resource Hash

f6d7bf2066b27d0e65d670f2ea6ab9cf75a6aa61d401e41803ee80d5a1c0fab8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 04:30:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111156
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13455
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 02:36:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 17 Feb 2023 04:30:55 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 62ms
61ms Ping
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-YP1JLG57CH&gtm=2oe2g0&_p=1196432768&sr=1600x1200&ul=en-us&cid=810955728.1645183412&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&dt=Android%20Malware%20%E2%80%98FlyTrap%E2%80%99%20Hijacks%20Facebook%20Accounts%20%7C%20Threatpost&sid=1645183413&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.pageType=other&ep.businessType=b2c&ep.siteType=Default&ep.siteClass=Websites&ep.siteLocale=%5BNULL%5D&ep.pageName=Home%20%3E%20android-malware-flytrap-facebook%2F168463&ep.campaign=&ep.acCampaignId=&ep.omnitureVisitorId=03632348524271944892590416654143285768
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 57ms
56ms Script
application/x-javascript 2a02:26f0:fb::5f65:58e0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:fb::5f65:58e0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 16 Feb 2022 23:50:54 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=37470
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H/1.1

200
OK

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1645183413266&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1645183413266%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fandro...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1645183413266&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1645183413266&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&liSync=true&e_ipv6=AQLR1pVPmBfEgQAAAX8Mk...

0
496 B

415ms
142ms

Image
application/javascript

108.174.10.24
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1645183413266&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&liSync=true&e_ipv6=AQLR1pVPmBfEgQAAAX8Mkqgr-8TKTp0ComnIXUb8ZZDyKTbQJTCN7ffSRF83s_W1cg
Protocol: HTTP/1.1
Server: 108.174.10.24 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-24.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:32 GMT
Server: Play
LinkedIn-Action: 1
Content-Type: application/javascript
X-LI-Proto: http/1.1
Connection: keep-alive
X-Li-Pop: prod-lva1-x
content-length: 0
X-LI-UUID: AAXYSRzrEc4mI1nO8aEITA==
X-Li-Fabric: prod-lva1

Redirect headers

date: Fri, 18 Feb 2022 11:23:32 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: ED28BEA5A3A74A66B5C893BC2796B017 Ref B: FRAEDGE1112 Ref C: 2022-02-18T11:23:32Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1645183413266&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&liSync=true&e_ipv6=AQLR1pVPmBfEgQAAAX8Mkqgr-8TKTp0ComnIXUb8ZZDyKTbQJTCN7ffSRF83s_W1cg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXYSRzgsR/Nlyqo1MM5qw==

GET
H2 200 s16465187264560
kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/ 43 B
244 B 58ms
58ms Image
image/gif 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/s16465187264560?AQB=1&ndh=1&pf=1&t=18%2F1%2F2022%2011%3A23%3A33%205%200&mid=03632348524271944892590416654143285768&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=Home%20%3E%20android-malware-flytrap-facebook%2F168463&g=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&cc=USD&ch=Home&server=threatpost.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=other&c3=b2c&v3=Home%20%3E%20android-malware-flytrap-facebook%2F168463&v9=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&c20=url&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20220125%3A285%3ANextGen%3A%5BNULL%5D&c31=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Websites&c57=%5BNULL%5D&v57=D%3Dc57&c58=Android%20Malware%20%E2%80%98FlyTrap%E2%80%99%20Hijacks%20Facebook%20Accounts%20%7C%20Threatpost&v71=v1%3APage%20View%3A%5BNULL%5D&v113=03632348524271944892590416654143285768&v116=810955728.1645183412&v125=0.21025337788300247_1645183411823&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:31 GMT
x-content-type-options: nosniff
x-c: main-1585.I7afc85.M0-540
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Sat, 19 Feb 2022 11:23:31 GMT
server: jag
xserver: anedge-cdfbd77b-2j5mz
etag: 3533004473513541632-4619574905546036039
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Thu, 17 Feb 2022 11:23:31 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 302ms
182ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 18 Feb 2022 11:23:31 GMT

GET
H3 200 dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-fa... Show response
adservice.google.com/ddm/fls/i/ Frame 2E7C 723 B
518 B 156ms
91ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-facebook%2F168463%2F;u6=;u7=03632348524271944892590416654143285768-810955728.1645183412;u9=_android-malware-flytrap-facebook_168463_;~oref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F

Requested by

Host: 9582686.fls.doubleclick.net
URL: https://9582686.fls.doubleclick.net/activityi;dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-facebook%2F168463%2F;u6=;u7=03632348524271944892590416654143285768-810955728.1645183412;u9=_android-malware-flytrap-facebook_168463_;~oref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0531cbff4ff713c5c6957d065e9fb792b1d4026709882b65a30db6e8924e3f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://9582686.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Feb 2022 11:23:31 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 495
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5B8C 13 KB
5 KB 119ms
54ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Feb 2022 11:08:29 GMT
expires: Sat, 18 Feb 2023 11:08:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 902
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3E64 783 B
535 B 65ms
64ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8df4991f8b97c1d03d5df55b10a0e18793bbca873202a0b2663daecfd9c6d024

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3cq4F1WJkn6l/IdrLpXgWQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 18 Feb 2022 11:23:31 GMT
date: Fri, 18 Feb 2022 11:23:31 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-3cq4F1WJkn6l/IdrLpXgWQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-fa... Show response
adservice.google.de/ddm/fls/i/ Frame CF92 194 B
199 B 160ms
91ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-facebook%2F168463%2F;u6=;u7=03632348524271944892590416654143285768-810955728.1645183412;u9=_android-malware-flytrap-facebook_168463_;~oref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CMuD0-aRifYCFSRDHQkdnIAFsA;src=9582686;type=globalc;cat=globa0;ord=5699076971420;gtm=2od2g0;auiddc=723368599.1645183413;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fandroid-malware-flytrap-facebook%2F168463%2F;u6=;u7=03632348524271944892590416654143285768-810955728.1645183412;u9=_android-malware-flytrap-facebook_168463_;~oref=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Feb 2022 11:23:31 GMT
expires: Fri, 18 Feb 2022 11:23:31 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3E64 0
0 169ms
106ms Image
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022021602&jk=3166335603429057&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 Hujgl23SVzI3rZSj4hNxUITd7BayDnfI5D3l6J-e8FI.js Show response
pagead2.googlesyndication.com/bg/ Frame 5B8C 35 KB
13 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Hujgl23SVzI3rZSj4hNxUITd7BayDnfI5D3l6J-e8FI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ee8e0976dd2573237ad94a3e213715084ddec16b20e77c8e43de5e89f9ef052

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 06:36:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17244
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13646
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 18 Feb 2023 06:36:07 GMT

GET
H2 200 bl-8f58e1d-bb67780e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 51D0 63 KB
25 KB 66ms
66ms Script
application/javascript 108.157.4.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-8f58e1d-bb67780e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-43.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 028779a4efd8cea0e6e45d0cf991eda01e8411d4a4720e0b3af92a9e522c0862

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:09:43 GMT
content-encoding: gzip
age: 830
x-cache: Hit from cloudfront
content-length: 25558
x-amz-meta-git_commit: 8f58e1d
last-modified: Fri, 18 Feb 2022 10:52:21 GMT
server: AmazonS3
etag: "ff0bc48f6f0ef9ee2a9f3b217841ba6c"
x-amz-version-id: LpahR3XCvBpx5ra8rddk0bzg3u9nPOOD
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: rVe3wFsMdLsySfOionZJhDqm5izP06rtuRefRU_S9n2zOAOX7qlqmA==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 51D0 73 KB
28 KB 56ms
56ms Script
application/javascript 108.157.4.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-43.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 12061482
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: mUKOhHzPyR3DhLUOtSdiL2w0fqTeDQw-IYTGjvZMKwl44npPo4ukfA==

POST
H/1.1 200
OK sv Show response
capi.connatix.com/tr/ Frame 2762 0
315 B 130ms
130ms XHR
application/x-protobuf 18.191.54.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sv?v=151003
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.54.29 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-54-29.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Fri, 18 Feb 2022 11:23:31 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK ao Show response
capi.connatix.com/tr/ Frame 2762 0
315 B 129ms
129ms XHR
application/x-protobuf 18.191.54.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ao?v=151003
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.54.29 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-54-29.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Fri, 18 Feb 2022 11:23:31 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 bl-8f58e1d-bb67780e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame BD0B 63 KB
25 KB 56ms
55ms Script
application/javascript 108.157.4.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-8f58e1d-bb67780e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-43.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 028779a4efd8cea0e6e45d0cf991eda01e8411d4a4720e0b3af92a9e522c0862

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:09:43 GMT
content-encoding: gzip
age: 830
x-cache: Hit from cloudfront
content-length: 25558
x-amz-meta-git_commit: 8f58e1d
last-modified: Fri, 18 Feb 2022 10:52:21 GMT
server: AmazonS3
etag: "ff0bc48f6f0ef9ee2a9f3b217841ba6c"
x-amz-version-id: LpahR3XCvBpx5ra8rddk0bzg3u9nPOOD
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: Yw7x51KfWqz_vIRLA4DCac_WiswmHZCTRPEQLVeVtBiELgckKfEorA==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame BD0B 73 KB
28 KB 67ms
67ms Script
application/javascript 108.157.4.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-43.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 12061482
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: qqHkDSd0EcGvVqXidsFBoPEyWeqsHIBoN2t6Hzer8yg0mcql5J2TTA==

GET
H3 200 container.html Show response
fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 512E 6 KB
3 KB 115ms
54ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Feb 2022 11:23:31 GMT
expires: Sat, 18 Feb 2023 11:23:31 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4F3B 6 KB
3 KB 54ms
53ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Feb 2022 11:23:31 GMT
expires: Sat, 18 Feb 2023 11:23:31 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012202072236000/ Frame 51D0 220 KB
61 KB 171ms
54ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/amp4ads-v0.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

332dd9d8872171a7ce122129c088ef587eb876ee04f178f5e62310dff3747514

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 119170
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61519
x-xss-protection: 0
server: sffe
date: Thu, 17 Feb 2022 02:17:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "609f9f524fc23ab6"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Feb 2023 02:17:22 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 51D0 16 KB
6 KB 291ms
181ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

372ddb86deaa3e11e5a4b1eec16924bcd6e6232bc8bab79338426b2faff7e7dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 119170
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5708
x-xss-protection: 0
server: sffe
date: Thu, 17 Feb 2022 02:17:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4c9170e21c83610c"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Feb 2023 02:17:22 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 51D0 96 KB
29 KB 261ms
152ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-analytics-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af42f8a986eefec222a68474cc9c9591028b07b082157631d810ecbbf4a652fe

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 119170
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29623
x-xss-protection: 0
server: sffe
date: Thu, 17 Feb 2022 02:17:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f660f99fdfd5d6c6"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Feb 2023 02:17:22 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 51D0 5 KB
2 KB 305ms
195ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-fit-text-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3ef00ccf0d1329768a9546012c96ecb5ac031695b0418da9ae3297979ad60bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 119170
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1844
x-xss-protection: 0
server: sffe
date: Thu, 17 Feb 2022 02:17:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0f41eb8e6d0a727"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Feb 2023 02:17:22 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 51D0 42 KB
13 KB 294ms
184ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-form-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93b1f78578f169d4f472ecda3c79d72e81fa9e199bdb979d13139f5ddbe5a06d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 119170
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13623
x-xss-protection: 0
server: sffe
date: Thu, 17 Feb 2022 02:17:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "14164defe327400f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Feb 2023 02:17:22 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 51D0 6 KB
1 KB 180ms
64ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=en

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 11:17:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 18 Feb 2022 11:23:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Feb 2022 11:23:32 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 51D0 4 KB
691 B 182ms
66ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 10:53:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 18 Feb 2022 11:23:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Feb 2022 11:23:32 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15022061320732829066/ Frame 51D0 15 KB
15 KB 155ms
155ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15022061320732829066/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoI2gMQ-AEYASABLQAAAD8w2gM4-AFFAACAPw&rs=AOga4qkVdUPysDepXY-CufIW9cigbktBIA

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7799a24b36df8ca458437017ec20e122865e15b53bd045f5ae13e29b6c979366

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:32 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15335
x-xss-protection: 0
last-modified: Wed, 08 Dec 2021 11:51:13 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 18 Feb 2023 11:23:32 GMT

GET
H3 200 40933678460698624
tpc.googlesyndication.com/simgad/ Frame 51D0 1 KB
757 B 56ms
55ms Image
image/svg+xml 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/40933678460698624

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09fba596f1ba572cf4b3ceb9c1f3962d1b75bbb4a6d6d7707f1f93e2fe889aee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 14:52:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 246652
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 728
x-xss-protection: 0
last-modified: Thu, 26 Oct 2017 18:18:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 15 Feb 2023 14:52:40 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 51D0 0
0 100ms
100ms Image
text/html 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CpLMGs4EPYv6TGYGJ9u8PuYOg-Anuo5ekaP6745GTD7iw-bjVCBABIPmb8YQBYJUCoAHv0bnaA8gBBqkCj5s4s183sj7gAgCoAwHIAwqqBJACT9A88Ep_QzmUYkHD1UC7S9y9iKKS3MaQtSbt4e-LwU9l2lR5f-lgtxOcx5ERPhJWaRR2dn5U-vZNlV6msiwQI_UAtZgbUkjQ1WoIkx4Iiyq37-oPy-grhai8zAi1SHci_LXpD80vuJNBtdDtb10eiioZ4-35VT2H9bdJ_BSKeCGTHyaEwCwPZ_mg9sm0uuvjH9oLinxPdtpQ_y_kRHB_2fotFd492x_Icup4RmJE8hKn2HQQHX-icpfHa3Movc77c2SAiTYsgF-uUxtJxyQbcipqfHxywV9w29QZxGzou0PLnYYzkg5ChLjlBezcxqp7pi25QLkFWXbUFKgK6f4PlbhO0shO5vQ81Vl6v6VXUfjABLjrzJnwA-AEAZIFBAgEGAGSBQQIBRgEoAY3gAf5rcYlqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ2LBK0ggHCIhhEAEYHYAKA8gLAdgTDYgUAtAVAYAXAbIXHgocCAASFHB1Yi00MTEzNjgxODgyMzExNDU1GITbew&sigh=eyS1OI3uAng&uach_m=[UACH]&template_id=492
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s02-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 51D0 2 KB
2 KB 54ms
53ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 18:59:48 GMT
x-content-type-options: nosniff
server: cafe
age: 59024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Feb 2022 18:59:48 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 51D0 295 B
319 B 54ms
54ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 20398
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 19 Feb 2022 05:43:34 GMT

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012202072236000/ Frame BD0B 220 KB
60 KB 166ms
55ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/amp4ads-v0.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

332dd9d8872171a7ce122129c088ef587eb876ee04f178f5e62310dff3747514

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 119171
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61519
x-xss-protection: 0
server: sffe
date: Thu, 17 Feb 2022 02:17:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "609f9f524fc23ab6"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Feb 2023 02:17:22 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame BD0B 16 KB
6 KB 259ms
149ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

372ddb86deaa3e11e5a4b1eec16924bcd6e6232bc8bab79338426b2faff7e7dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 119171
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5708
x-xss-protection: 0
server: sffe
date: Thu, 17 Feb 2022 02:17:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4c9170e21c83610c"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Feb 2023 02:17:22 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame BD0B 96 KB
29 KB 240ms
130ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-analytics-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af42f8a986eefec222a68474cc9c9591028b07b082157631d810ecbbf4a652fe

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 119171
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29623
x-xss-protection: 0
server: sffe
date: Thu, 17 Feb 2022 02:17:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f660f99fdfd5d6c6"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Feb 2023 02:17:22 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame BD0B 5 KB
2 KB 258ms
148ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-fit-text-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3ef00ccf0d1329768a9546012c96ecb5ac031695b0418da9ae3297979ad60bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 119171
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1844
x-xss-protection: 0
server: sffe
date: Thu, 17 Feb 2022 02:17:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0f41eb8e6d0a727"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Feb 2023 02:17:22 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame BD0B 42 KB
13 KB 163ms
54ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-form-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93b1f78578f169d4f472ecda3c79d72e81fa9e199bdb979d13139f5ddbe5a06d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 119171
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13623
x-xss-protection: 0
server: sffe
date: Thu, 17 Feb 2022 02:17:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "14164defe327400f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Feb 2023 02:17:22 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame BD0B 6 KB
766 B 64ms
64ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 10:51:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 18 Feb 2022 11:23:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Feb 2022 11:23:33 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BD0B 2 KB
2 KB 54ms
53ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 18:59:48 GMT
x-content-type-options: nosniff
server: cafe
age: 59025
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Feb 2022 18:59:48 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BD0B 295 B
319 B 55ms
54ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 20399
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 19 Feb 2022 05:43:34 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BD0B 0
0 63ms
62ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRL_o5RFzUP7os7_e2wsx-ajRyRMgHSFZ3SAz1zZgj8vGmWa1tgAazz3TpGZ5fdPtPXQe4vhmHytp6wj29hamjPrfgS2A
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BD0B 0
0 97ms
96ms Image
text/html 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CuO6ms4EPYv-TGYGJ9u8PuYOg-AmH0LPAaJHkoejaDv_1kOPXAhABIPmb8YQBYJUCoAGr1bS7AsgBCeACAKgDAcgDCqoEmwJP0JbpNTCbwt-Nwj166AiHBKHK7ZxYmHudE6-0TcYLlH6QIQiUTK_3idBhA1wtk3c-a9FBINBPW_RXdGz4-Stsz9YpR9aACMnotg0HxOCdVNzOF9qvk6hTGilioQMJYuFhbc1-QbvfFTQcQVc1Uc9zqJ29xYh5q8lCr75FoeKJBmp4pGeW5R9BWQD8uyy9dRXHMhC5MooIHiQ5-8EbHJLR3j8LD3ihyV_Bd5CU7bLUncuNKO1ZWPbH77TLLSKFNdyF40MTngihev3iTi8LYQ8UVLyGVH5bkaaoTV8wZ-JdwAs_qiO66BsIdSvQHNr7AVbUybXdvI27RKWc_8_TpIWbEQsI5IK5YHDqi0_p179U-vHbJSeeyZqH5IEJwATttKeVtQPgBAGSBQQIBBgBkgUECAUYBKAGLoAHxbSTyQGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCsiBTSCAcIiGEQARgdgAoDyAsB2BMM0BUBgBcBshceChwIABIUcHViLTQxMTM2ODE4ODIzMTE0NTUYhNt7&sigh=yE84dk2mJHw&uach_m=[UACH]&template_id=484
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s02-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 200 bl-8f58e1d-bb67780e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 512E 63 KB
25 KB 61ms
61ms Script
application/javascript 108.157.4.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-8f58e1d-bb67780e.js
Requested by: Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-43.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 028779a4efd8cea0e6e45d0cf991eda01e8411d4a4720e0b3af92a9e522c0862

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:09:43 GMT
content-encoding: gzip
age: 831
x-cache: Hit from cloudfront
content-length: 25558
x-amz-meta-git_commit: 8f58e1d
last-modified: Fri, 18 Feb 2022 10:52:21 GMT
server: AmazonS3
etag: "ff0bc48f6f0ef9ee2a9f3b217841ba6c"
x-amz-version-id: LpahR3XCvBpx5ra8rddk0bzg3u9nPOOD
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: ZIaHM7-VpisyFEcGhp8LeuC1l8xAG4dKnsmyLUIHprQxgi9lOjrTDg==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 512E 73 KB
28 KB 69ms
69ms Script
application/javascript 108.157.4.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-43.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 12061483
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: NS4b2WNquqTSk16uvzS45a06vRXjDlSN3QugPHrLMMSUZVjWluMCyg==

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 512E 42 B
63 B 87ms
87ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AcquxxNr3IFZqWoXAio32o3XuuUAmNPsh9-WSIXKeIUKTt_pcmK3wouQm2EVQH1lPJdVEFqeBZRt7Xi0dtnSFzHD3SWAxRL0GCe_bAFhw2-sfI9ak

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 512E 2 KB
1 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/window_focus_fy2019.js

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:20:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 180
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 11:20:33 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 512E 124 KB
38 KB 127ms
65ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38723
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645015031201889"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 18 Feb 2022 11:23:33 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 512E 15 KB
6 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0
server: cafe
etag: 12093742715590823996
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 11:23:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 512E 0
0 62ms
62ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSGstm3nHplHbXGFDhInjyXaZ8QQKbrc41jmt3MI9_S3DZkU6hNIzZrVc-iCRqlYKNHwXhUtQkskxCKF5l2ENGJuW285A
Requested by: Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 51D0 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84e33f3644eb20f9e37274005911250ced9c5ef3c5751de8860ea5e0ce2b88f6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 51D0 15 KB
16 KB 172ms
54ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 09:48:03 GMT
x-content-type-options: nosniff
age: 5730
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 18 Feb 2023 09:48:03 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 51D0 16 KB
16 KB 187ms
70ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300|Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 14:02:00 GMT
x-content-type-options: nosniff
age: 249693
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 15 Feb 2023 14:02:00 GMT

GET
H2 200 bl-8f58e1d-bb67780e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 4F3B 63 KB
25 KB 63ms
63ms Script
application/javascript 108.157.4.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-8f58e1d-bb67780e.js
Requested by: Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-43.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 028779a4efd8cea0e6e45d0cf991eda01e8411d4a4720e0b3af92a9e522c0862

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:09:43 GMT
content-encoding: gzip
age: 831
x-cache: Hit from cloudfront
content-length: 25558
x-amz-meta-git_commit: 8f58e1d
last-modified: Fri, 18 Feb 2022 10:52:21 GMT
server: AmazonS3
etag: "ff0bc48f6f0ef9ee2a9f3b217841ba6c"
x-amz-version-id: LpahR3XCvBpx5ra8rddk0bzg3u9nPOOD
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: YcAH9BKeOSmWsQfF3xKtxA3v2ghZSDJ1kI8jAZhrwr35Z86CiEGNOA==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 4F3B 73 KB
28 KB 70ms
70ms Script
application/javascript 108.157.4.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-43.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 12061483
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 1DwLLdKOEtZXbDDgo_wE4dIeyfylRcmHpN-9KLijAe308_u-PyfcXA==

GET
H3 200 css2
fonts.googleapis.com/ Frame 4F3B 4 KB
634 B 125ms
62ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 10:51:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 18 Feb 2022 11:23:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Feb 2022 11:23:33 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4F3B 205 B
229 B 116ms
55ms Image
image/png 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 01:07:31 GMT
x-content-type-options: nosniff
age: 36962
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 18 Feb 2023 01:07:31 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4F3B 604 B
628 B 55ms
55ms Image
image/png 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 09:08:43 GMT
x-content-type-options: nosniff
age: 8091
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 18 Feb 2023 09:08:43 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/elements/html/ Frame 4F3B 19 KB
8 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19d68d8c9b0afec111ca934d319c454fe9d57234d8915b2d837e36d54410ddf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 10:37:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2748
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8146
x-xss-protection: 0
server: cafe
etag: 10717154116364420598
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 10:37:45 GMT

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/6430283235806750525/ Frame BD0B 56 KB
56 KB 55ms
54ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6430283235806750525/2076313506083323656

Requested by

Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1532ef7bb6fb24671a019d2473dd3ce728b38424dce787d2b53df3ebf433348b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 04:08:20 GMT
x-content-type-options: nosniff
age: 198913
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57116
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 17:19:18 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 16 Feb 2023 04:08:20 GMT

GET
DATA 200
OK truncated
/ Frame BD0B 219 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 258ffeacbc4bcbdfc6667236a43d770a6236f18ff39700f37a4c64e92850d72a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BD0B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8c7d88a033834364e0d4ffb7b16756d11c59d407bb7df56e52488d92dbc0f79c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame BD0B 15 KB
16 KB 204ms
117ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 17:56:19 GMT
x-content-type-options: nosniff
age: 149234
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 16 Feb 2023 17:56:19 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame BD0B 15 KB
15 KB 221ms
134ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://threatpost.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 17:58:32 GMT
x-content-type-options: nosniff
age: 149101
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 16 Feb 2023 17:58:32 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 51D0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

236ms
120ms

Image
text/html

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Redirect headers

date: Fri, 18 Feb 2022 11:23:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5B8C 0
9 B 55ms
54ms Image
text/plain 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ZGdxhg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C8F6 499 B
258 B 133ms
71ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJb4yM4CEJ-0q4IDGK2HtLsBMAE&v=APEucNXwOvwvsNVjQjqG_cOPw8Xw2rUjvacPFo5eBzE6DsDFzU54xa7JqQ8pxfYcHqczO7bTcHzOLHDc4sRUTl6G6ZPXj4pbBC8dVFwVG41mLLTHTqvRS2c

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 18 Feb 2022 11:23:33 GMT
server: cafe
cache-control: private
content-length: 237
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/ Frame 512E 19 KB
8 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/abg_lite_fy2019.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb0a1ac121b8aa9b8e2912768985ee6341cdd33d4c7b4db39052731d4b5248e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:12:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 644
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 1930320615972901081
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 11:12:49 GMT

GET
H3 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/elements/html/ Frame 512E 6 KB
3 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 10:58:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1496
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2626
x-xss-protection: 0
server: cafe
etag: 8548655983161038638
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 10:58:37 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 512E 0
571 B 219ms
97ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvTopHZZpDNp7BTYuu72JP7VAbpeKyWT-ySVrtxEns4f_5e1SkYIscsIkIcX4CcoUsLfROF0IPFqSlrc53wzlqmiEyWMea4LgOR-sy38KP4GiyL4DB8LvjoQYO3bjNhOMQIVx-jfEiIfhlgup-tAh8F1kCh2yGE1PqIeitu2ArR0dcyKs_lepgwbbZxHB5_3vMY3jIEA7jY_GwjMC1yF-6VklfAMpCw5dDi5pw3wkFim2kpBTlHMBV932uBrq_OLorAeyYZqWLnJJAraBOXgobpFRgmaHwQXwFqkAdeO89Vc35TdLnn1HHQ0Z77gxT0tgq9jseJxauLyVLaa_GMGpR10IVkxApkiYzajMHjqrVQt4eGJpzeDH0dJJMPvhctn1KuGelUcYbhWF2EdquZP4jSNoxW_1Kc1BEutrTXyBaA_Ky7hdHYEzHEy5njMxXGXM3KLuW97LqajC1iHL68Lbje7NqwnFqWwKzNJbYQVd5h3a532p9JB0ALS06hmuI_EU2aPl1Y8ZcovRKRMahtGQH9eVB5j9oD8n3fTH1FywXHFPo3HUY6iYKag549-BoEEmYp4Ch41Kul15CjpnMknMdT9gpgBz3dbuliIgepAVJ7RWkSGz1QWl1iZwQ3R8J3cAac-1P4Nh-GIqeqnNCmF5pci5dEy_hLSjVFhxUNJv--azJkXWx_nKKP_pp6jpqspBPtBjQdPH9_DHJ6f9dJbnDdd5u-BZIXvEh5WxOfJhG6hjvZUV0QHqe2_DpGv7aYbf1VrgKuLC_pKLy7375mwhKDgVM5i7Lh7XqunHfN2W4wwKMK9KDCbFCoSIkK2Mgw-K6kk9hMfSzJjQR4NXhsVXF5Q2mVPpEbUfp9EQQQbUs6_Ppvoa8YB5p97TxcFrHXidxXeeQ5Wv0MWwgp4AMouYLg9UZrZtr-nQq05nWmAMmAdIveXwvUBptG35Gf-EREZCG2qJ7nVEsC_Xac4GfjIVE8T3-c8O1dug8eWOSNqySRhzR31gvLjCNu0HMyrEItNBO5XgL79W8vDzjsRlluZFiIPHx9Gin-IeXXUs1tTmw0Tm7Gt1klH3IxDhNDLHe0cdvdEz-PHmEUh2WuNgeKsEHDHXNXouw-2HVTo3fG-CjaSNaXiiJSwQ2jWzca6pmeMA&sai=AMfl-YSv3zPSx6rN2Wyoc8k7DFxrSYVBmGLA4ITkmZzIFxMq0zkJo2LDzu7YdowYyBOqmosxR1lhDAArPEhzmffMWmaoUhqyHXiO3nsVmBMiJaAlh8dhgXQHKaNngZ4A2Km19ae6vYVQadHBhBa5qn3b_x-vdv1EgqvRSOwrrnV3KvYg6dE-6_xaV-mD8G4E6sj_tx-xID2IbElRtIYozAG_oKeTb_OukNU_gsE6fqhy-NAz2oVynpabW2ONA0NdOfU0h3tuXp6XLGhPo7dyfj3PFqQdpt8g6hY9XrUisT1ANXszOTADsRcOWnSFtklXBITEdWkTSDw-1CJu2MoMof8JbF7ATVo93gDadW7C5N1rOF2mz9Jk_Rm-U8Rf3v87YrUbKqlAxY6sfOzps-A5j2rw5A&sig=Cg0ArKJSzPkERzNoq73YEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220216.39717&adurl=

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 18 Feb 2022 11:23:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 512E 41 KB
15 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:13:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68992
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Feb 2023 16:13:41 GMT

GET
H3 200 15084187536674905470
s0.2mdn.net/simgad/ Frame 512E 131 KB
131 KB 118ms
55ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15084187536674905470

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8f8d23dfc7907b2dca67d8fac62bbcd76e32af26ceb3fbaf5d8e0430b8b9ad4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 19:06:16 GMT
x-content-type-options: nosniff
age: 58638
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133883
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 11:58:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Feb 2023 19:06:16 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 6E3F 8 KB
888 B 63ms
63ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 10:52:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 18 Feb 2022 11:23:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Feb 2022 11:23:34 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 6E3F 2 KB
909 B 54ms
54ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:22:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 11:22:50 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/ Frame 6E3F 19 KB
8 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/abg_lite_fy2019.js

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb0a1ac121b8aa9b8e2912768985ee6341cdd33d4c7b4db39052731d4b5248e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:22:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 1930320615972901081
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 11:22:33 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 6E3F 2 KB
1 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/window_focus_fy2019.js

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:20:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 181
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 11:20:33 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6E3F 124 KB
38 KB 70ms
69ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38723
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645015031201889"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 18 Feb 2022 11:23:34 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 6E3F 15 KB
6 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0
server: cafe
etag: 12093742715590823996
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Mar 2022 11:23:14 GMT

GET
H3 200 6db0573cb067ea4557d3af56fc7062b8.js Show response
www.gstatic.com/mysidia/ Frame 6E3F 28 KB
11 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6db0573cb067ea4557d3af56fc7062b8.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a50761af47976acf2a9b1ed88cff6727c6c0fa4a18c2806a26f108c5268b4c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 18:13:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 321007
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11678
x-xss-protection: 0
last-modified: Thu, 10 Feb 2022 09:43:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 15 May 2022 18:13:27 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 193ms
63ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://threatpost.com
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1663
date: Fri, 18 Feb 2022 11:23:33 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame 68C5
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=eMLT5nxPOW1LM3hoTHBOeUkyOWRXQjNyL3k3Qm1OYVhwd05nT3h3MUxvUHRQcUk5Y1BVMTlPeXhuSzNxbFZuU0NtWDlMb3JaRnFycUg1RDFrQ0N2dEJRUFE3SFQwcjZyaW9vM1VZNVBzdWhwdngzaTF3WDRtc1ZsbHExNH...

353 B
616 B

149ms
51ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=eMLT5nxPOW1LM3hoTHBOeUkyOWRXQjNyL3k3Qm1OYVhwd05nT3h3MUxvUHRQcUk5Y1BVMTlPeXhuSzNxbFZuU0NtWDlMb3JaRnFycUg1RDFrQ0N2dEJRUFE3SFQwcjZyaW9vM1VZNVBzdWhwdngzaTF3WDRtc1ZsbHExNHV3d1BNZjFMTFJGQWt3Z2YrNk9RV1VqMnp3a0d0dkxPUWhLdHpyWnRLNGFTanczNEtMUEg3QWdEdm4xU3BpNFA4aDQzRlkrU1pHVVJyU0YweXpPbW54L3BKQjN4VktJbERoWDQwTkcxYVA0VHhZRFppOW1rPXw&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

79bea26931ecbecfd662db5498c3b7e24998fd978eeb49dfa9afe9c23afba020

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3150
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:33 GMT
location: https://mug.criteo.com/sid?cpp=eMLT5nxPOW1LM3hoTHBOeUkyOWRXQjNyL3k3Qm1OYVhwd05nT3h3MUxvUHRQcUk5Y1BVMTlPeXhuSzNxbFZuU0NtWDlMb3JaRnFycUg1RDFrQ0N2dEJRUFE3SFQwcjZyaW9vM1VZNVBzdWhwdngzaTF3WDRtc1ZsbHExNHV3d1BNZjFMTFJGQWt3Z2YrNk9RV1VqMnp3a0d0dkxPUWhLdHpyWnRLNGFTanczNEtMUEg3QWdEdm4xU3BpNFA4aDQzRlkrU1pHVVJyU0YweXpPbW54L3BKQjN4VktJbERoWDQwTkcxYVA0VHhZRFppOW1rPXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1644
content-length: 482
expires: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame C615 15 KB
6 KB 184ms
56ms Document
text/html 2.21.141.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-175.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=86799
expires: Sat, 19 Feb 2022 11:30:13 GMT
date: Fri, 18 Feb 2022 11:23:34 GMT
vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 0A80 668 B
716 B 140ms
94ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 953594081f1e67543303a535e9cbe693b6002519dae3fb5e6baf0a9ac2b1350a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.1.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Fri, 18 Feb 2022 11:23:34 GMT
content-type: text/html
content-length: 416
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame B9F2 52 KB
17 KB 245ms
54ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Thu, 17 Feb 2022 04:03:24 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 18 Feb 2022 11:23:34 GMT
Age: 26408
X-Served-By: cache-lga21975-LGA, cache-hhn4073-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 435280
X-Timer: S1645183415.510569,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame ED44 2 KB
1 KB 232ms
56ms Document
text/html 2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Fri, 18 Feb 2022 11:23:34 GMT
Connection: keep-alive

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 61B0 15 KB
6 KB 183ms
59ms Document
text/html 2.21.141.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-175.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=86799
expires: Sat, 19 Feb 2022 11:30:13 GMT
date: Fri, 18 Feb 2022 11:23:34 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame E40C 52 KB
17 KB 242ms
53ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Thu, 17 Feb 2022 04:03:24 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 18 Feb 2022 11:23:34 GMT
Age: 26408
X-Served-By: cache-lga21975-LGA, cache-hhn4073-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 435281
X-Timer: S1645183415.510770,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 79E5 2 KB
1 KB 230ms
56ms Document
text/html 2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Fri, 18 Feb 2022 11:23:34 GMT
Connection: keep-alive

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame B384 668 B
728 B 107ms
67ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 953594081f1e67543303a535e9cbe693b6002519dae3fb5e6baf0a9ac2b1350a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.1.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Fri, 18 Feb 2022 11:23:34 GMT
content-type: text/html
content-length: 416
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2

204

sync
ups.analytics.yahoo.com/ups/57304/ Frame 68C5
Redirect Chain

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true
https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVAzNTk4MDViNy05MGFkLTExZWMtYWU1Ny0wNjU0YWRiZDkzYWU%3D
https://pixel.advertising.com/ups/57304/sync?uid=CAESEHXuVm9xQaDGBXIlkhvTC5s&google_cver=1
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEHXuVm9xQaDGBXIlkhvTC5s&google_cver=1&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae

0
383 B

64ms
63ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEHXuVm9xQaDGBXIlkhvTC5s&google_cver=1&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:35 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEHXuVm9xQaDGBXIlkhvTC5s&google_cver=1&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae
date: Fri, 18 Feb 2022 11:23:35 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55986/ Frame 68C5
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=
https://pixel.advertising.com/ups/55986/sync?uid=Yg_BsgAAAIGs2QQz&_origin=0&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/55986/sync?uid=Yg_BsgAAAIGs2QQz&_origin=0&gdpr=0&gdpr_consent=&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae
https://ups.analytics.yahoo.com/ups/55986/sync?uid=Yg_BsgAAAIGs2QQz&_origin=0&gdpr=0&gdpr_consent=&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae&verify=true

0
122 B

63ms
63ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55986/sync?uid=Yg_BsgAAAIGs2QQz&_origin=0&gdpr=0&gdpr_consent=&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae&verify=true

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:34 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55986/sync?uid=Yg_BsgAAAIGs2QQz&_origin=0&gdpr=0&gdpr_consent=&apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae&verify=true
date: Fri, 18 Feb 2022 11:23:34 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55953/ Frame 68C5
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
https://ups.analytics.yahoo.com/ups/55953/sync?uid=5237a546-8536-4403-b4ff-984b6912ae90&_origin=1&gdpr=1&gdpr_consent=

0
124 B

208ms
64ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55953/sync?uid=5237a546-8536-4403-b4ff-984b6912ae90&_origin=1&gdpr=1&gdpr_consent=

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:34 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ups.analytics.yahoo.com/ups/55953/sync?uid=5237a546-8536-4403-b4ff-984b6912ae90&_origin=1&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 267

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BD0B 2 KB
2 KB 54ms
54ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012202072236000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 18:59:48 GMT
x-content-type-options: nosniff
server: cafe
age: 59026
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Feb 2022 18:59:48 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BD0B 295 B
328 B 55ms
55ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012202072236000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 20400
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 19 Feb 2022 05:43:34 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame C8F6 170 B
243 B 189ms
65ms Image
image/png 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm&gdpr=0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJb4yM4CEJ-0q4IDGK2HtLsBMAE&v=APEucNXwOvwvsNVjQjqG_cOPw8Xw2rUjvacPFo5eBzE6DsDFzU54xa7JqQ8pxfYcHqczO7bTcHzOLHDc4sRUTl6G6ZPXj4pbBC8dVFwVG41mLLTHTqvRS2c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C8F6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDYmpHoJatiZ7wWXOyZrN8g&google_cver=1&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDYmpHoJatiZ7wWXOyZrN8g&google_cver=1&gdpr=0&C=1

43 B
1013 B

69ms
69ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDYmpHoJatiZ7wWXOyZrN8g&google_cver=1&gdpr=0&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJb4yM4CEJ-0q4IDGK2HtLsBMAE&v=APEucNXwOvwvsNVjQjqG_cOPw8Xw2rUjvacPFo5eBzE6DsDFzU54xa7JqQ8pxfYcHqczO7bTcHzOLHDc4sRUTl6G6ZPXj4pbBC8dVFwVG41mLLTHTqvRS2c
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:34 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:34 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDYmpHoJatiZ7wWXOyZrN8g&google_cver=1&gdpr=0&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 319
Expires: Fri, 18 Feb 2022 11:23:34 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C8F6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yg.BtthjTwNlHGMUg.e2YwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDYmpHoJatiZ7wWXOyZrN8g&google_cver=1&gdpr=0&google_hm=2

43 B
1 KB

69ms
68ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDYmpHoJatiZ7wWXOyZrN8g&google_cver=1&gdpr=0&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJb4yM4CEJ-0q4IDGK2HtLsBMAE&v=APEucNXwOvwvsNVjQjqG_cOPw8Xw2rUjvacPFo5eBzE6DsDFzU54xa7JqQ8pxfYcHqczO7bTcHzOLHDc4sRUTl6G6ZPXj4pbBC8dVFwVG41mLLTHTqvRS2c
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:35 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDYmpHoJatiZ7wWXOyZrN8g&google_cver=1&gdpr=0&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 340
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 512E 0
23 B 152ms
90ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 18 Feb 2022 11:23:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8A62 143 B
163 B 54ms
54ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Fri, 18 Feb 2022 11:04:53 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 1121
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 89ms
89ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022021602&jk=3166335603429057&bg=!AAOlA0fNAAbf-5Dq3_s7ACkAdvg8WtXOXZ-scEW2VurcjZCRptllfIFrXsiTLIYQ3SPsshYwotQbXQIAAAajUgAAAAJoAQcKAAlYxU-G6l3k-gqZAsH8b7tkD8cLDTr6n0YBsJrAHijvR4at3damLOfmrMTrnOxbB71yqYar1x_rqjvYJQTU6Yq94ZpNim2M_ImJ38jecsvhRLfSu4T8zRhumZaM7YiUXCi5mY1916tpHKvMT-pSkKRsjNaVrJkU_GRSdyunz0qj_txHlEjF95VGrugtuC9UsbBcM3TWasQ9-JnEECN0IWFoIq-2s7Droo-DB9cQ6_rbxT1g4X0pJ68jJhJmfp4ounz1mvOOcQSgKImG7-UzSFETCrDEawh_G0lRxsM1qszPu3731ore9L5Bevri6wqp1ZXmYPyyWvsBQzRvgCjMmyg47XqUUEfCxKCzRxSfURIIIBHV2-WbgqbfVaqZ2nONnC4TGGGLcur6kkmclW3xU8BCHsB9wq1YAIG43bWfI7Mdi4nuuNl_-wKEtPkI99BlTLCsaQsj1TfJJZg1jALNJkYyTq5jNHC47Xitofaqg-OJgB_uHeDuhkemDgM0zKkWM0MPIo9hyWvkYAsgdlyjGZ0p6pqkr8MFzAnTeAlDuXkF78vaFrv_j8Vagv3Z6cEl8pJpmNiK6iJCqKr6Fvl9a5_ofXNehTylpb_jt6TUSHUl1Nc4MvSL6io4Zep0gaZMYcUIp0jWkt2VoF_FPDOGPsP-I3y7ImV8p2f9MoseWQSRMb_tUnb-FI2IN9Oz-zicV6ZnfuZkJTBQyadlbcKeaO3Bj-lmFEa_QQrhpzlW02VYSZdj_eKkRA7jd0WTMWjFsBmURFoytQT3Fma9Oo36YCkEj-5cl0fOfbJ4dLNwEQBAa7XjeorM2qc0wUz3Nf_Id2k-LQykwaavMTL6u3YeMb_EVRtH6pzAukt19CLDAzhEmOkEX-5rml82EiVEveagBdFOWaISC8zu0CgDsNS0PRUyKZ-WetmYexC0kLZ2OMyeYfGFq-2DWgChQstNFsA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame B384
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=4913620f-81b6-4700-989d-2aa87d99eb45

43 B
61 B

119ms
63ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=4913620f-81b6-4700-989d-2aa87d99eb45
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:35 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 18 Feb 2022 11:23:34 GMT
Server: MT3 4133 baa842e master zrh-pixel-x15 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=4913620f-81b6-4700-989d-2aa87d99eb45
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 18 Feb 2022 11:23:33 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame B384
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=EsPz9hzAoaIJkvf2HJDu9RbJ9KkJwaH1F8SCYmSc

43 B
122 B

89ms
64ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=EsPz9hzAoaIJkvf2HJDu9RbJ9KkJwaH1F8SCYmSc
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=EsPz9hzAoaIJkvf2HJDu9RbJ9KkJwaH1F8SCYmSc
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame B384
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3214093212461078255

43 B
106 B

87ms
66ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3214093212461078255
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3214093212461078255
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame B384 70 B
264 B 57ms
56ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=42f12d78-6d21-71ad-e5e6-0d170ca090d1&gdpr=0
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame B384 170 B
232 B 73ms
66ms Image
image/png 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NmU5ZWZlYjItYTQ1Ni0yZjA5LWYwMDYtNTdhZWM2NDI1ZWIx

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame B384
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMKcsuLEneHaCpq0g0cEGs&google_cver=1

43 B
106 B

66ms
66ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMKcsuLEneHaCpq0g0cEGs&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMKcsuLEneHaCpq0g0cEGs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame 0A80
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=d89e620f-81b6-4800-98f1-89cc01062d5d

43 B
61 B

122ms
65ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=d89e620f-81b6-4800-98f1-89cc01062d5d
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:35 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 18 Feb 2022 11:23:34 GMT
Server: MT3 4133 baa842e master zrh-pixel-x24 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=d89e620f-81b6-4800-98f1-89cc01062d5d
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 18 Feb 2022 11:23:33 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0A80
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=EsPz9hzAoaIJkvf2HJDu9RbJ9KkJwaH1F8SCYmSc

43 B
106 B

65ms
64ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=EsPz9hzAoaIJkvf2HJDu9RbJ9KkJwaH1F8SCYmSc
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=EsPz9hzAoaIJkvf2HJDu9RbJ9KkJwaH1F8SCYmSc
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 0A80
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2071559945432283229

43 B
106 B

88ms
67ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2071559945432283229
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2071559945432283229
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 0A80 70 B
264 B 56ms
55ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=42f12d78-6d21-71ad-e5e6-0d170ca090d1&gdpr=0
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 0A80 170 B
232 B 70ms
69ms Image
image/png 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NmU5ZWZlYjItYTQ1Ni0yZjA5LWYwMDYtNTdhZWM2NDI1ZWIx

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0A80
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMKcsuLEneHaCpq0g0cEGs&google_cver=1

43 B
106 B

65ms
65ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMKcsuLEneHaCpq0g0cEGs&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMKcsuLEneHaCpq0g0cEGs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3133 22 KB
8 KB 54ms
54ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Feb 2022 16:14:25 GMT
expires: Fri, 17 Feb 2023 16:14:25 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 68949
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 512E 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a72a21b9538813d5fe0ebcef104db4dc64c86abab90142e42b58a74dda2a01c8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

usermatch Show response
ssum-sec.casalemedia.com/ Frame 3031
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
3 KB

74ms
74ms

Document
text/html

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5ba94c61118a70077951bde27fcede0bbe1823dde00b3ad1a762d6524c76561d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 230|39|241|73|47|3|81|90
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Expires: Fri, 18 Feb 2022 11:23:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:34 GMT
Content-Length: 1698
Connection: keep-alive

Redirect headers

Server: Apache
Content-Length: 337
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Fri, 18 Feb 2022 11:23:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:34 GMT
Connection: keep-alive

GET
H/1.1

200
OK

usermatch Show response
ssum-sec.casalemedia.com/ Frame 2FF9
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
2 KB

97ms
97ms

Document
text/html

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 76ea450db2099f1a3ab0b0da7dd79986e261fbcf2d28f793481435c0ba1995b8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 230|39|241|46|206|57|40|188
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Expires: Fri, 18 Feb 2022 11:23:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Content-Length: 1536
Connection: keep-alive

Redirect headers

Server: Apache
Content-Length: 337
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Fri, 18 Feb 2022 11:23:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:34 GMT
Connection: keep-alive

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E40C 0
731 B 131ms
130ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:34 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 3cbfa0b6-2f59-421f-9310-99812357d78d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B9F2 0
731 B 63ms
62ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:34 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 9e6ef801-d23f-49bf-95ef-4bb986cc0ba0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 419ms
57ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1009
date: Fri, 18 Feb 2022 11:23:34 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8A62
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

104ms
104ms

Document
text/html

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 18 Feb 2022 11:23:34 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 18 Feb 2022 11:23:34 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 18 Feb 2022 11:23:34 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 RTAFWjK1oaY5MR175eart5uncqyuFBD5-f7_3Cl3Idw.js Show response
pagead2.googlesyndication.com/bg/ Frame 3133 35 KB
13 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RTAFWjK1oaY5MR175eart5uncqyuFBD5-f7_3Cl3Idw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4530055a32b5a1a639311d7be5e6abb79ba772acae1410f9f9feffdc297721dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:08:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 891
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13529
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 18 Feb 2023 11:08:43 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3133 0
20 B 89ms
89ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BbMM0s4EPYoCUGYGJ9u8PuYOg-AkAAAAAOAHgBAI&bg=!Y2ClYCTNAAbf-5Dq3_s7ACkAdvg8WkcWOQzrSdr3-kj_YXRnSrh_4o9uDtYJbhTRyeSBkWWNw8vtFgIAAABXUgAAAAFoAQcKABsbfkN3KlcrJCqaBqWIo6enbL963XKOLDzY6PyZAxvdxHSuYvaTHVqTWoRH_FEcm2tS7Fx5mDkB_37op2HLNM6V_jiT22PLkPxomaAVcP85aJODJ9Flw_lJt2Y9lbf49nITWnbVoQTOzSZ9hpd2PWiaqdC57RIpl-syGLnNgYxHcJ58krum4NZ2gIW1dbCJqxrvWiciZExxE6aBRIJjYNro-Sy6ZMXMaapcxXWswxavZDzbKD8vzxve1bbKlGdWpyQh45NREDndp-aq0kre6k2u23nBvN10Zxkn01iNwT5n9qbzDtQ9JOTN3No2PzmkAGrk-97ehcs-fg47tvIdRHlIq6d3XcM6hR_hhBKJylxAa7qp_zWAh0wIQoF13HgCSYri__lG9BQ8GZC6FOIC3iXJsDB6_NoJRxG0c8i1To-fHvB-1XI9IKYYvXqn3evqamJcIonCyVkOttb25kF-YzO9HPsvmMXFTDkB9YiN6tbk1enKO68cfHdE3OV1pTauRCY4n1jawqa9YjW8qYPsC_BppSzDsNQWbRDl-8a2f65Vb2r4LkEvv9Cu4cvY8gF49IcODUN699LvRY5KO0v07BEop4gAgvk8XjwuG7gWU6dZWHPFFubZGOMIFRIxnbq2sWGuL1qwgQbZ7zrHtwLWl17Tch4kuNo8E4fPJ3R1Bw9O5f4ZrTZbWvbKiFLaCDm9Br7_KD8j5fk952-lRY0zDEN1G8ErXppMn1C8G-P-tdCD45E1S2-eHFhPtZ5Mp78j53rcahXnmi9hCzxaGepFWlAFFBHB_f7geOkTbHpK5suuV1wmmC14yqYUAfFD2lghj1CEKeMOWGPS_QoB1Q0frO7vBYoxVUniVYK-ETKCMmEl9aaQ7aSViWWhnF5d07GlsdBFxz78n8GYLZ3rvVar1AkQEtPQiecg40PNyjsnGj_F1ub9Jpg2zl6rQQWcZpSWVxkeoXZWz0BwXcVw7mumFTPKBdGNILLMmrabF9hKr6IHeG53iucPR136pvpmxEFVEGzzsyX0AIWe7sgzOjG7OVTcaeMI7h9FQn1l3XV7SASrJB2Iaa6_QCAT7g6k2cbfw4cSjwz_wW6t8lA

Requested by

Host: fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
URL: https://fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK abt Show response
capi.connatix.com/tr/ Frame 2762 0
315 B 129ms
128ms XHR
application/x-protobuf 18.191.54.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/abt?v=151003
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.54.29 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-54-29.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Fri, 18 Feb 2022 11:23:34 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 3031 170 B
188 B 66ms
65ms Image
image/png 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yg-Btm2geTWNEjXPGDdxGQAAANMAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 3031 70 B
264 B 56ms
55ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 3031
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yg-Btm2geTWNEjXPGDdxGQAAANMAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yg-Btm2geTWNEjXPGDdxGQAAANMAAAAB&dcc=t

43 B
645 B

142ms
141ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yg-Btm2geTWNEjXPGDdxGQAAANMAAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: Q8WAT7F7YS16NY6CMXFP
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: A8T8Y1PN8CC9Q7A2B287
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yg-Btm2geTWNEjXPGDdxGQAAANMAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 Yg-Btm2geTWNEjXPGDdxGQAAANMAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 3031 43 B
996 B 218ms
58ms Image
image/gif 2a05:d018:d29:3601:48c:2850:f91f:4df0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/Yg-Btm2geTWNEjXPGDdxGQAAANMAAAAB?gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3601:48c:2850:f91f:4df0 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:35 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 3031
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=ljuiJqpp1Nl1mn5&gdpr=1

43 B
1 KB

70ms
69ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=ljuiJqpp1Nl1mn5&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:35 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Server: PingMatch/v2.0.30-706-g7d26040#rel-ec2-master i-010c684b28e5a5876@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=ljuiJqpp1Nl1mn5&gdpr=1
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 3031
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=d89e620f-81b6-4800-98f1-89cc01062d5d&gdpr=1&gdpr_consent=

43 B
1 KB

69ms
68ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=d89e620f-81b6-4800-98f1-89cc01062d5d&gdpr=1&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:35 GMT

Redirect headers

Date: Fri, 18 Feb 2022 11:23:35 GMT
Server: MT3 4133 baa842e master zrh-pixel-x1 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=d89e620f-81b6-4800-98f1-89cc01062d5d&gdpr=1&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 18 Feb 2022 11:23:34 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3031
Redirect Chain

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=D60-QwGubBcU_DpDAf4jQAunORwUr2xACqoU5OeV

43 B
1 KB

70ms
69ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=D60-QwGubBcU_DpDAf4jQAunORwUr2xACqoU5OeV
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:35 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:35 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=D60-QwGubBcU_DpDAf4jQAunORwUr2xACqoU5OeV
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

204

no_match_opted_out
um.simpli.fi/ Frame 3031
Redirect Chain

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
https://um.simpli.fi/no_match_opted_out

0
272 B

51ms
51ms

Image
text/plain

169.50.137.184
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/no_match_opted_out

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Server

169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b8.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 18 Feb 2022 11:23:35 GMT
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS

Redirect headers

date: Fri, 18 Feb 2022 11:23:35 GMT
x-content-type-options: nosniff
server: nginx
location: /no_match_opted_out
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Thu, 17 Feb 2022 11:23:35 GMT

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame 3031 43 B
425 B 57ms
55ms Image
image/gif 2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?Yg.Btm2geTWNEjXPGDdxGQAA%26211
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:35 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "da1f1d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=2798
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 12:10:13 GMT

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 2FF9 170 B
188 B 65ms
65ms Image
image/png 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yg-Btm2geTWNEjXPGDdxGwAAANMAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 2FF9 70 B
264 B 56ms
56ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 2FF9
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yg-Btm2geTWNEjXPGDdxGwAAANMAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yg-Btm2geTWNEjXPGDdxGwAAANMAAAIB&dcc=t

43 B
645 B

141ms
141ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yg-Btm2geTWNEjXPGDdxGwAAANMAAAIB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: CC4V0KV9K7V2W07TTF0Z
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 535K22E2XS0N2T6ZA45P
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yg-Btm2geTWNEjXPGDdxGwAAANMAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 2FF9 0
0 165ms
56ms Image
text/html 37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 204 sync
ups.analytics.yahoo.com/ups/55940/ Frame 2FF9 0
38 B 63ms
62ms Image
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Yg-Btm2geTWNEjXPGDdxGwAAANMAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:35 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 2FF9
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5134455420404798272

43 B
1 KB

87ms
87ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5134455420404798272
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:35 GMT

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5134455420404798272
Date: Fri, 18 Feb 2022 11:23:35 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK CookieIndex
rtb.adentifi.com/ Frame 2FF9 0
88 B 664ms
131ms Image
text/plain 52.87.64.174
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieIndex
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.64.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-87-64-174.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/plain

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame 2FF9 43 B
425 B 56ms
55ms Image
image/gif 2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?Yg.Btm2geTWNEjXPGDdxGwAA%26211
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:35 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "da1f1d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=2798
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 12:10:13 GMT

GET
H2

200

cs&eq_cc=1 Show response
um2.eqads.com/um/ Frame 56D3
Redirect Chain

https://um2.eqads.com/um/cs
https://um2.eqads.com/um/cs&eq_cc=1

186 B
370 B

132ms
132ms

Document
text/html

52.204.231.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://um2.eqads.com/um/cs&eq_cc=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.231.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-231-109.compute-1.amazonaws.com
Software: /
Resource Hash: d9d82efa1ccb8bb290386e6f2e3da0add4b65373e20c08f3d1b3da6ffe661037

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/

Response headers

date: Fri, 18 Feb 2022 11:23:35 GMT
content-type: text/html; charset=utf-8
content-length: 186
cache-control: no-cache, must-revalidate
expires: Sat, 6 May 1995 12:00:00 GMT
last-modified: Fri, 18 Feb 2022 11:23:35 GMT
pragma: no-cache

Redirect headers

date: Fri, 18 Feb 2022 11:23:35 GMT
content-type: text/html; charset=utf-8
content-length: 41
location: /um/cs&eq_cc=1

POST
H2 204 avw.gif Show response
c.4dex.io/ 0
254 B 196ms
73ms XHR
text/plain 34.95.81.22
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.4dex.io/avw.gif?adu_code=div-gpt-ad-6794670-2&evt=vsbl&pv_id=79e71219-5e1e-483e-a965-6cd359b6ca85&adu_el_id=div-gpt-ad-6794670-2&v=0&tz_off=0&js_late=1&js_ts=1645183412539&size=970x250&pbjs_sizes=728x90%2C970x250%2C970x90&is_pbjs_size=1&is_iab_size=1&msrbl=1&adu_exp=2496&pg_durat=4878&pg_paused=0&pg_exp=4878&vsbl=1&adsrv_vsbl=0&adsrv_att_delta=0&clk_time=&reset=0&adsrv_adu_exp=493&navs_ts=1645183408725&trgr_ts=1645183413981&init_ts=1645183413982&start_ts=1645183413983&reset_ts=&vsbl_ts=1645183416202&adsrv_vsbl_ts=&auct_id=d5023f56-c9e0-4ead-b23c-62a7e2adad09&featv=_&pg_dims=1600x7512&vp_dims=1600x1200&u_ts=1645183412&dom_l=659&pn=1&adu_pos=800x8&dvc=2&os=windows&brwsr=chrome&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&sess_lngth=1&avg_sess_lngth=1&sess_cnt=1&rfr_fqdn=&prv_pgtyp=null&cat=&env=desktop&org_id=1094&pgtyp=&plcmt=ThreatPost-970x250-ATF&site=threatpost&subcat=&adsrv=dfp&adsrv_advrt_id=5024569374&adsrv_cmpgn_id=2910902386&adsrv_crea_id=&adsrv_empty=0&adsrv_lnitem_id=&adsrv_size=970x250&adgjsv=1.13.16
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.81.22 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 22.81.95.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:35 GMT
via: 1.1 google
server: nginx
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: -1

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 51D0 42 B
64 B 95ms
94ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu1-rNyy_IOhFCIUIja8RIai8egZ04jM075nuxYl6i2RzelQCPHNtp1FVcnb0iC14SXhj4r73KzH6_UzbhDFhOiJ3cdBUwGRFMqwi3G0t8pTwovjxk&sai=AMfl-YReKLSU8Zvc0XP_POXxGeXmWDcDBkGdM-FWoqYCGzRDjwpUlc3rszH1A4LxdlHs7NBpmAbYQqDqKVY49mhGPZWQCSclkc7iQa2jWAktGLno66IKqgS5Ehrd3p-Vl2yN&sig=Cg0ArKJSzDjTOk6oKvjtEAE&id=ampim&o=315,8&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=2483&tls=3483&g=100&h=100&tt=3484&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=4166723991

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 avw.gif Show response
c.4dex.io/ 0
16 B 119ms
62ms XHR
text/plain 34.95.81.22
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.4dex.io/avw.gif?adu_code=div-gpt-ad-6794670-3&evt=vsbl_actvw&pv_id=79e71219-5e1e-483e-a965-6cd359b6ca85&adu_el_id=div-gpt-ad-6794670-3&v=0&tz_off=0&js_late=1&js_ts=1645183412539&size=300x250&pbjs_sizes=300x250%2C336x280&is_pbjs_size=1&is_iab_size=1&msrbl=1&adu_exp=2623&pg_durat=5297&pg_paused=0&pg_exp=5297&vsbl=1&adsrv_vsbl=1&adsrv_att_delta=1523&clk_time=&reset=0&adsrv_adu_exp=1034&navs_ts=1645183408725&trgr_ts=1645183414402&init_ts=1645183414402&start_ts=1645183414402&reset_ts=&vsbl_ts=1645183416272&adsrv_vsbl_ts=1645183417288&auct_id=d5023f56-c9e0-4ead-b23c-62a7e2adad09&featv=_&pg_dims=1600x7512&vp_dims=1600x1200&u_ts=1645183412&dom_l=659&pn=1&adu_pos=1232x166&dvc=2&os=windows&brwsr=chrome&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&sess_lngth=1&avg_sess_lngth=1&sess_cnt=1&rfr_fqdn=&prv_pgtyp=null&cat=&env=desktop&org_id=1094&pgtyp=&plcmt=ThreatPost-300x250-ATF&site=threatpost&subcat=&adsrv=dfp&adsrv_advrt_id=5024569374&adsrv_cmpgn_id=2910902386&adsrv_crea_id=&adsrv_empty=0&adsrv_lnitem_id=&adsrv_size=300x250&adgjsv=1.13.16
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.81.22 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 22.81.95.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:35 GMT
via: 1.1 google
server: nginx
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: -1

POST
H3 204 avw.gif Show response
c.4dex.io/ 0
16 B 116ms
61ms XHR
text/plain 34.95.81.22
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.4dex.io/avw.gif?adu_code=div-gpt-ad-6794670-5&evt=start&pv_id=79e71219-5e1e-483e-a965-6cd359b6ca85&adu_el_id=div-gpt-ad-6794670-5&v=0&tz_off=0&js_late=1&js_ts=1645183412539&size=300x600&pbjs_sizes=300x250%2C300x600&is_pbjs_size=1&is_iab_size=1&msrbl=1&adu_exp=0&pg_durat=5299&pg_paused=0&pg_exp=5299&vsbl=0&adsrv_vsbl=0&adsrv_att_delta=0&clk_time=&reset=0&adsrv_adu_exp=0&navs_ts=1645183408725&trgr_ts=1645183414403&init_ts=1645183414403&start_ts=1645183414403&reset_ts=&vsbl_ts=&adsrv_vsbl_ts=&auct_id=d5023f56-c9e0-4ead-b23c-62a7e2adad09&featv=_&pg_dims=1600x7512&vp_dims=1600x1200&u_ts=1645183412&dom_l=659&pn=1&adu_pos=1232x1185&dvc=2&os=windows&brwsr=chrome&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&sess_lngth=1&avg_sess_lngth=1&sess_cnt=1&rfr_fqdn=&prv_pgtyp=null&cat=&env=desktop&org_id=1094&pgtyp=&plcmt=ThreatPost-300x600-ATF&site=threatpost&subcat=&adsrv=dfp&adsrv_advrt_id=5024569374&adsrv_cmpgn_id=2910902386&adsrv_crea_id=&adsrv_empty=0&adsrv_lnitem_id=&adsrv_size=300x600&adgjsv=1.13.16
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.81.22 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 22.81.95.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:35 GMT
via: 1.1 google
server: nginx
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: -1

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame BD0B 42 B
64 B 89ms
88ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstZzHSfhIFGx9cEnoYydpiATdLYa908B2DtMvBSYqYFSxrfKSePBECPRG3QqukUAAUROy-gm8Su6MEmrW-YkkTTUsZYTyceflZa57eIhQDm4WgMqrg&sai=AMfl-YTzq0MHD8I4i04ALux7lFz3PQ-kE-ZYmbsJU5Kmf4NS86dLd17OQynKdy3rkp3F2wvgUpPZgY4f9CV-OqMwc_xvDkuXNxVBN4GwvMoI681icXn96qXgLS9plR-gcu9E&sig=Cg0ArKJSzJ9e5wv6_KdIEAE&id=ampim&o=1082,416&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1013&mtos=0,0,1013,1013,1013&tos=0,0,1013,0,0&tfs=2475&tls=3488&g=100&h=100&tt=3488&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=1414505084

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK crum
dsum-sec.casalemedia.com/ Frame 56D3 43 B
1 KB 70ms
70ms Image
image/gif 2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=0784961f-155b-4613-a490-0fddf48b3f81&expiration=1652873015
Requested by: Host: um2.eqads.com
URL: https://um2.eqads.com/um/cs&eq_cc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://um2.eqads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:35 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E40C 0
731 B 59ms
59ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 47e0076b-2c4b-48b0-a145-52173c9b046e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B9F2 0
731 B 64ms
64ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b8445e1a-7f7e-4607-b66d-5b07c235a92c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame C72C 281 B
554 B 191ms
56ms Document
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 18 Feb 2022 11:23:36 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

sync Show response
eb2.3lift.com/ Frame B4C0
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

1 KB
1 KB

59ms
58ms

Document
text/html

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: 902b402dbc78046ab83bd270acae784ec3bb3cf4867fd01eff09c7b434002f3f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
content-type: text/html; charset=utf-8
content-length: 460
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

date: Fri, 18 Feb 2022 11:23:36 GMT
content-length: 0
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 3CC1 15 KB
6 KB 58ms
58ms Document
text/html 2.21.141.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-175.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=86797
expires: Sat, 19 Feb 2022 11:30:13 GMT
date: Fri, 18 Feb 2022 11:23:36 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 58FB 52 KB
17 KB 55ms
54ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Thu, 17 Feb 2022 04:03:24 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 18 Feb 2022 11:23:36 GMT
Age: 26409
X-Served-By: cache-lga21975-LGA, cache-hhn4073-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 435325
X-Timer: S1645183416.385784,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 19D8 0
0 59ms
58ms Document
text/plain 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13394437
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

Server: nginx
Date: Fri, 18 Feb 2022 11:23:36 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap2ams1

GET
H3 200 pd Show response
eu-u.openx.net/w/1.0/ Frame 259F 542 B
358 B 65ms
64ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 46bae92b50647e11665bd7d647cb80f5e3e6f35c9f594240a3dd2875c6323aac

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.1.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Fri, 18 Feb 2022 11:23:36 GMT
content-type: text/html
content-length: 339
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1

200
OK

2000891.html Show response
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame 1C11
Redirect Chain

https://sync.serverbid.com/ss/2000891.html
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

5 KB
5 KB

221ms
53ms

Document
text/html

205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

Date: Fri, 18 Feb 2022 11:23:36 GMT
Connection: Keep-Alive
Cache-Control: max-age=26041
Content-Length: 4947
Content-Type: text/html
Last-Modified: Wed, 20 Nov 2019 20:29:05 GMT
Accept-Ranges: bytes
etag: "1b0ebac83fe30af80513039edbdf566f"
x-amz-request-id: tx00000000000001f1e8810-00620e95f1-ef451db-nyc3a
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 435
x-rgw-object-type: Normal
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1645183416.dop142.am5.t,1645183416.cds129.am5.shn,1645183416.dop142.am5.t,1645183416.cds277.am5.c

Redirect headers

content-length: 0
location: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
cache-control: no-cache

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame C9BB 8 KB
4 KB 412ms
58ms Document
text/html 2620:1ec:bdf::69
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::69 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbfd30e5fd2bd475d319b5b55ab61469966d1517b703f9bd830a6f3207387c27

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

cache-control: max-age=86400
content-type: text/html
content-encoding: br
last-modified: Wed, 15 Dec 2021 19:31:35 GMT
accept-ranges: bytes
etag: "32347ab14bd5257f1f3d2e210ba82276"
server: AmazonS3
x-cache: TCP_HIT
x-amz-id-2: 5JIOJTEVVOZDB9pdq4nd7pEtvkrH7ND3EYstsZKJBkMTagNi/Y9VFHT0UhrO9xe/wEG9TbSQevQ=
x-amz-request-id: HGRVBVDBK4PVDGPN
x-amz-meta-codebuild-content-sha256: 8644b4f52d5a37b8f0b84f0bbcfa66f9e0f7f97407e4d25c13a055f86b22baed
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:0897103a-6355-4b89-92f6-53a82b1da700
x-amz-meta-codebuild-content-md5: 276cf0a41034befc9a603617ae1a1731
x-azure-ref-originshield: 0ti4PYgAAAAAusrGCEv/DRIsITB9rPgFPQU1TMDRFREdFMTkyMAA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref: 0uIEPYgAAAABJ8DBkr/H1Q7Ga08TuR+feRlJBMzFFREdFMDMwOQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
date: Fri, 18 Feb 2022 11:23:35 GMT

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame DE62 2 KB
1 KB 56ms
56ms Document
text/html 2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Fri, 18 Feb 2022 11:23:36 GMT
Connection: keep-alive

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 58FB 0
731 B 116ms
116ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d5cdbddf-07ea-4c9c-b833-5e6a040d3985
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 259F 43 B
351 B 187ms
66ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: a7flrbic7vhhhdim84i72j0tverk6i24

GET
H2 200 d6364b3c-fd8d-e3e4-d431-1be2f3f75d98
pr-bh.ybp.yahoo.com/sync/openx/ Frame 259F 43 B
995 B 59ms
59ms Image
image/gif 2a05:d018:d29:3601:48c:2850:f91f:4df0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/d6364b3c-fd8d-e3e4-d431-1be2f3f75d98?gdpr=0

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3601:48c:2850:f91f:4df0 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame 259F
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=ljuiJqpp1Nl1mn5

43 B
61 B

66ms
65ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=ljuiJqpp1Nl1mn5
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:35 GMT
Server: PingMatch/v2.0.30-706-g7d26040#rel-ec2-master i-040f9919795ded990@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
Location: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=ljuiJqpp1Nl1mn5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 259F
Redirect Chain

https://x.bidswitch.net/sync?ssp=openx
https://x.bidswitch.net/ul_cb/sync?ssp=openx
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=d4e8f76e-a84d-46fd-9470-9fe19a023459
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=d4e8f76e-a84d-46fd-9470-9fe19a023459
https://x.bidswitch.net/sync?dsp_id=4&user_id=4b34a6c7-fbab-4492-968f-470d650e9ff7&ssp=openx&expires=30&user_group=5&bsw_param=d4e8f76e-a84d-46fd-9470-9fe19a023459
https://us-u.openx.net/w/1.0/sd?id=537072968&val=d4e8f76e-a84d-46fd-9470-9fe19a023459

43 B
61 B

64ms
64ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072968&val=d4e8f76e-a84d-46fd-9470-9fe19a023459
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: //us-u.openx.net/w/1.0/sd?id=537072968&val=d4e8f76e-a84d-46fd-9470-9fe19a023459
Date: Fri, 18 Feb 2022 11:23:37 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame 259F
Redirect Chain

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=1909263020753827595

43 B
61 B

65ms
64ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=1909263020753827595
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 1968e54b-e711-46be-9e6a-780229f19cb7
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=1909263020753827595
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

adx
match.prod.bidr.io/cookie-sync/ Frame 259F
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ox
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFYk1VN0VId01BQUhZMG1LR0JSZw&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1

43 B
430 B

56ms
55ms

Image
image/gif

52.30.16.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0

Protocol

HTTP/1.1

Server

52.30.16.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-16-91.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
content-type: image/gif
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 360
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usermatch Show response
ssum-sec.casalemedia.com/ Frame D503 2 KB
3 KB 73ms
73ms Document
text/html 2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1fd881c2cb205556cf1c8618e6211fd29c73c6079b19a2f394010b636a6afbd7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 46|206|4|88|8|81|13|190
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Expires: Fri, 18 Feb 2022 11:23:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
Content-Length: 1652
Connection: keep-alive

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame D503 0
0 170ms
63ms Image
text/html 37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 204 sync
ups.analytics.yahoo.com/ups/55940/ Frame D503 0
38 B 65ms
65ms Image
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Yg-Btm2geTWNEjXPGDdxGQAAANMAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D503
Redirect Chain

https://ad.turn.com/r/cs?pid=21&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4083493531649227031

43 B
1 KB

72ms
72ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4083493531649227031
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:36 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4083493531649227031
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame D503 85 B
337 B 149ms
147ms Image
image/png 151.101.66.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1645183417.606534,VS0,VE92
x-served-by: cache-hhn4036-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/png
content-length: 85
x-cache-hits: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame D503
Redirect Chain

https://beacon.lynx.cognitivlabs.com/ix.gif
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=da89cb42-7be6-4e21-810d-373f8d3b745a&expiration=1676719416

43 B
1 KB

93ms
87ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=da89cb42-7be6-4e21-810d-373f8d3b745a&expiration=1676719416
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:37 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:37 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=da89cb42-7be6-4e21-810d-373f8d3b745a&expiration=1676719416
date: Fri, 18 Feb 2022 11:23:36 GMT
server: Kestrel
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D503
Redirect Chain

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=D60-QwGubBcU_DpDAf4jQAunORwUr2xACqoU5OeV

43 B
1 KB

74ms
73ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=D60-QwGubBcU_DpDAf4jQAunORwUr2xACqoU5OeV
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:36 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=D60-QwGubBcU_DpDAf4jQAunORwUr2xACqoU5OeV
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame D503
Redirect Chain

https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1

43 B
1 KB

68ms
68ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:36 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
date: Fri, 18 Feb 2022 11:23:36 GMT
access-control-allow-credentials: true
x-powered-by: Express
content-length: 0
vary: Origin
keep-alive: timeout=5

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame D503 0
0 78ms
77ms Image
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame D503 43 B
425 B 67ms
65ms Image
image/gif 2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?Yg.Btm2geTWNEjXPGDdxGQAA%26211
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://threatpost.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:36 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "da1f1d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=2797
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 12:10:13 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame C72C 33 KB
10 KB 56ms
56ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 6f1424816e4caaa13b40a557235e6793eb119f067176f610c048b564e2cf80ed

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 16 Feb 2022 22:21:11 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=9059
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9757
Expires: Fri, 18 Feb 2022 13:54:35 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame B4C0 70 B
264 B 57ms
57ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

404

xuidmid=7976&xuid=s3eipnqfM&dongle=u6nf
eb2.3lift.com/ Frame B4C0
Redirect Chain

https://ad.mrtnsvr.com/sync/triplelift
https://eb2.3lift.com/xuidmid=7976&xuid=s3eipnqfM&dongle=u6nf

37 B
155 B

64ms
58ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuidmid=7976&xuid=s3eipnqfM&dongle=u6nf
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
cache-control: no-cache, no-store, must-revalidate
x-error: Not Found
content-length: 37
content-type: image/gif

Redirect headers

location: https://eb2.3lift.com/xuidmid=7976&xuid=s3eipnqfM&dongle=u6nf
date: Fri, 18 Feb 2022 11:23:36 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92
vary: Origin
content-type: text/html; charset=utf-8

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame B4C0 170 B
188 B 65ms
64ms Image
image/png 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B4C0
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTQ3ODE0NDY2Mjg3NzYxNDY0NTQ4NQ%3D%3D

170 B
188 B

67ms
66ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTQ3ODE0NDY2Mjg3NzYxNDY0NTQ4NQ%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTQ3ODE0NDY2Mjg3NzYxNDY0NTQ4NQ%3D%3D
date: Fri, 18 Feb 2022 11:23:36 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame B4C0 0
163 B 173ms
171ms Image
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=1478144662877614645485&dbredirect=true&gdpr=1&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 1E280C001EB64BCD9CE6FB424CA17B76 Ref B: FRAEDGE1112 Ref C: 2022-02-18T11:23:36Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXYSR0kFVV+83zaX7mWeg==

GET
H2

200

xuid
eb2.3lift.com/ Frame B4C0
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/1478144662877614645485?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-w9IwM0pE2oRpD5uO73SpAHGbfOECf8ShXaQfu29csw--~A&dongle=0883

37 B
355 B

62ms
60ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-w9IwM0pE2oRpD5uO73SpAHGbfOECf8ShXaQfu29csw--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Fri, 18 Feb 2022 11:23:36 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-w9IwM0pE2oRpD5uO73SpAHGbfOECf8ShXaQfu29csw--~A&dongle=0883
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2 200 c.gif
c.bing.com/ Frame B4C0 42 B
594 B 213ms
78ms Image
image/gif 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?xid=1478144662877614645485&Red3=TLMS_pd
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
etag: "9ea1ae3587d81:0"
last-modified: Wed, 12 Jan 2022 02:05:35 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 87379C48B1C74A7EAA08835E4898DBDE Ref B: FRA31EDGE0508 Ref C: 2022-02-18T11:23:36Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/ Frame B4C0
Redirect Chain

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=1478144662877614645485
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=1478144662877614645485&dcc=t

0
0

141ms
141ms

Image
text/html

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=1478144662877614645485&dcc=t
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Server: 52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: YSK4QRWC7DJZA2BS7A27
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=1478144662877614645485&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame B4C0 43 B
220 B 375ms
60ms Image
image/gif 18.193.253.133
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=triplelift&user_id=1478144662877614645485&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.193.253.133 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-253-133.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:36 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

200

xuid
eb2.3lift.com/ Frame B4C0
Redirect Chain

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

37 B
139 B

62ms
62ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

Location: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:37 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 95
Content-Type: text/html; charset=utf-8

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame 45D6 4 KB
2 KB 241ms
73ms Document
text/html 54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 83cb00efb28dae0d48d424f3e49dcbb55838bc27a22c861f2c6bcb8e5ca99f73

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
content-type: text/html;charset=UTF-8
server: nginx
etag: W/"03a7cec9c359fb5f19311ad805567a6ec"
timing-allow-origin: *
content-encoding: gzip

GET
H2 204 ps
pixel.33across.com/ Frame C7C2 0
0 576ms
243ms Document
text/plain 67.202.105.24
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip24.67-202-105.static.steadfastdns.net
Software: 33XP004 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/

Response headers

x-33x-status: 2000208
server: 33XP004
date: Fri, 18 Feb 2022 11:23:36 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame E2F8 2 KB
814 B 203ms
62ms Document
text/html 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame BAEB 737 B
987 B 523ms
50ms Document
text/html 185.86.138.120
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.120 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: ea9d18772f81b64d864444c5172af8f0c435ad6b13065fcb64a6740c617e95a8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/

Response headers

content-length: 737
content-type: text/html
date: Fri, 18 Feb 2022 11:23:37 GMT

GET
H/1.1 200
OK usermatch Show response
ssum-sec.casalemedia.com/ Frame 8D5E 1 KB
3 KB 80ms
79ms Document
text/html 2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a81d6ceec73e5d12e7f2dd8dd4af902586810c5f05b0a1e2555be927c64ed36e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 130|65|64|111|188|39|51|191
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Expires: Fri, 18 Feb 2022 11:23:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
Content-Length: 1266
Connection: keep-alive

GET
H2

200

sync
ads.servenobid.com/ Frame C9BB
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=1909263020753827595

0
344 B

57ms
57ms

Image
image/avif

34.253.111.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=1909263020753827595
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: e124593d-a4e8-4e21-a7b8-be2f5b6ca6a4
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ads.servenobid.com/sync?pid=312&uid=1909263020753827595
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame C9BB
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ads.servenobid.com/sync?pid=310&uid=574b49d7cf97c21c0479308a

0
347 B

57ms
56ms

Image
image/avif

34.253.111.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=574b49d7cf97c21c0479308a
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ads.servenobid.com/sync?pid=310&uid=574b49d7cf97c21c0479308a
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame C9BB
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1645183416965
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=435633217
https://sync.1rx.io/usersync/tradedesk/5237a546-8536-4403-b4ff-984b6912ae90
https://sync.targeting.unrulymedia.com/csync/RX-0e137beb-11ac-4db2-afe2-840f62072fba-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-0e137beb-11ac-4db2-afe2-840f62072fba-003
https://ads.servenobid.com/sync?pid=321&uid=RX-0e137beb-11ac-4db2-afe2-840f62072fba-003

0
361 B

59ms
58ms

Image
image/avif

34.253.111.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=321&uid=RX-0e137beb-11ac-4db2-afe2-840f62072fba-003
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=321&uid=RX-0e137beb-11ac-4db2-afe2-840f62072fba-003
date: Fri, 18 Feb 2022 11:23:37 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX0e137beb11ac4db2afe2840f62072fba003
content-type: text/html

GET
H2 200 101954
jadserve.postrelease.com/suid/ Frame C9BB 43 B
427 B 439ms
153ms Image
image/gif 3.230.28.223
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/suid/101954?ntv_r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D322%26uid%3DNTV_USER_ID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.230.28.223 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-28-223.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame C9BB
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=5134455420404798272

0
344 B

57ms
55ms

Image
image/avif

34.253.111.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=5134455420404798272
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=5134455420404798272
Date: Fri, 18 Feb 2022 11:23:36 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET usa
sync.go.sonobi.com/ Frame C9BB 0
0

GET
H2

200

sync
ads.servenobid.com/ Frame C9BB
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=a6e9f0dd-4f14-45d7-87e2-c8ad66c5c361&gdpr=0&gdpr_consent=&us_privacy=1YN-

0
356 B

56ms
55ms

Image
image/avif

34.253.111.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=327&uid=a6e9f0dd-4f14-45d7-87e2-c8ad66c5c361&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=327&uid=a6e9f0dd-4f14-45d7-87e2-c8ad66c5c361&gdpr=0&gdpr_consent=&us_privacy=1YN-
date: Fri, 18 Feb 2022 11:23:36 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 1
server: envoy
content-length: 0

GET
H2

200

sync
ads.servenobid.com/ Frame C9BB
Redirect Chain

https://ups.analytics.yahoo.com/ups/58559/occ
https://ads.servenobid.com/sync?pid=337&uid=y-STBQWuJE2uH2L9J_BiiSONFeGJH4eREv18lrxtc-~A

0
366 B

56ms
55ms

Image
image/avif

34.253.111.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=337&uid=y-STBQWuJE2uH2L9J_BiiSONFeGJH4eREv18lrxtc-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=337&uid=y-STBQWuJE2uH2L9J_BiiSONFeGJH4eREv18lrxtc-~A
date: Fri, 18 Feb 2022 11:23:36 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C72C
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pTQlEzVFMtTC1ISk81

170 B
188 B

71ms
71ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pTQlEzVFMtTC1ISk81

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pTQlEzVFMtTC1ISk81
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame C72C
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4913620f-81b6-4700-989d-2aa87d99eb45&expires=28

0
239 B

247ms
55ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4913620f-81b6-4700-989d-2aa87d99eb45&expires=28
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

Redirect headers

Date: Fri, 18 Feb 2022 11:23:36 GMT
Server: MT3 4133 baa842e master zrh-pixel-x27 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4913620f-81b6-4700-989d-2aa87d99eb45&expires=28
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 18 Feb 2022 11:23:35 GMT

GET
H2

204

v1
ads.yahoo.com/cms/ Frame C72C
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZSBQ3TS-L-HJO5&sigv=1&esig=2~956c03b2b6ab6faf60a9fa192cbda9b6adb9de0a

0
194 B

375ms
60ms

Image
text/plain

2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZSBQ3TS-L-HJO5&sigv=1&esig=2~956c03b2b6ab6faf60a9fa192cbda9b6adb9de0a

Protocol

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZSBQ3TS-L-HJO5&sigv=1&esig=2~956c03b2b6ab6faf60a9fa192cbda9b6adb9de0a
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame C72C 70 B
264 B 70ms
54ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame C72C
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=Yg_BsgAAAIGs2QQz

0
239 B

254ms
57ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=Yg_BsgAAAIGs2QQz
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1645183417.900927,VS0,VE0
x-served-by: cache-hhn4036-HHN
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=Yg_BsgAAAIGs2QQz
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame C72C
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/9RNKdRzhmSIUeWVewpnRhA?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3141890380068579190

0
239 B

107ms
58ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3141890380068579190
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

Redirect headers

date: Fri, 18 Feb 2022 11:23:37 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3141890380068579190
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C72C
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OWY3ZDNlMjZmYzQyMDcwZTBkMjY3NzMzOWY4OWVmYjk2OGIzYjNlOA

170 B
188 B

88ms
87ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OWY3ZDNlMjZmYzQyMDcwZTBkMjY3NzMzOWY4OWVmYjk2OGIzYjNlOA

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OWY3ZDNlMjZmYzQyMDcwZTBkMjY3NzMzOWY4OWVmYjk2OGIzYjNlOA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame C72C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELQ8L2BiKKEhmkjhL7O3bUE&google_cver=1

0
239 B

245ms
57ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELQ8L2BiKKEhmkjhL7O3bUE&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELQ8L2BiKKEhmkjhL7O3bUE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ie
match.prod.bidr.io/cookie-sync/ Frame 8D5E 43 B
430 B 96ms
55ms Image
image/gif 52.30.16.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.prod.bidr.io/cookie-sync/ie?gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.16.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-16-91.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
content-type: image/gif
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum.casalemedia.com/ Frame 8D5E
Redirect Chain

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1645269817&gdpr=1

43 B
315 B

354ms
67ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1645269817&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:37 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:37 GMT

Redirect headers

location: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1645269817&gdpr=1
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
content-length: 0
expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8D5E
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1647775417

43 B
1 KB

70ms
69ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1647775417
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:37 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:37 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1647775417
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 403 match
c1.adform.net/serving/cookie/ Frame 8D5E 0
330 B 72ms
70ms Image
text/plain 37.157.6.245
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=29&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1 200
OK CookieIndex
rtb.adentifi.com/ Frame 8D5E 0
88 B 133ms
132ms Image
text/plain 52.87.64.174
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieIndex
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.64.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-87-64-174.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/plain

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 8D5E 70 B
264 B 58ms
56ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 8D5E 43 B
220 B 135ms
60ms Image
image/gif 18.193.253.133
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=index&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.193.253.133 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-253-133.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:37 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

200
OK

crum
dsum.casalemedia.com/ Frame 8D5E
Redirect Chain

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=246dbb63-14f5-4810-26af8e97

43 B
1 KB

344ms
89ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=246dbb63-14f5-4810-26af8e97
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:37 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Feb 2022 11:23:37 GMT

Redirect headers

date: Fri, 18 Feb 2022 11:23:37 GMT
via: 1.1 google
server: nginx/1.20.2
access-control-allow-origin: *
p3p: CP='This is not a P3P policy!'
location: https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=246dbb63-14f5-4810-26af8e97
cache-control: max-age=3600
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 119

GET
H2 200 sync
ads.servenobid.com/ Frame 8D5E 0
357 B 58ms
56ms Image
image/avif 34.253.111.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=Yg-Btm2geTWNEjXPGDdxGQAAANMAAAAB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

POST
H/1.1 200
OK st Show response
capi.connatix.com/tr/ Frame 2762 0
315 B 131ms
131ms XHR
application/x-protobuf 18.191.54.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/st?v=151003
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.54.29 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-54-29.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 204 um
cs.emxdgt.com/ Frame 2F55 0
0 425ms
61ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

content-type: text/html
date: Fri, 18 Feb 2022 11:23:37 GMT
content-length: 0

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 2A06
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east

281 B
554 B

59ms
59ms

Document
text/html

104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 18 Feb 2022 11:23:37 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
date: Fri, 18 Feb 2022 11:23:37 GMT
access-control-allow-credentials: true
access-control-allow-origin: *

GET
H/1.1 200
OK uc.html Show response
go.sonobi.com/ Frame CE82 43 B
573 B 221ms
50ms Document
text/html 178.162.133.148
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sonobi.com/uc.html?pubid=e55fb5d7c2

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.148 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1.go.sonobi.com

Software

sonobi-go /

Resource Hash

bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

Date: Fri, 18 Feb 2022 11:23:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: go-ams-1-7-8
X-Xss-Protection: 0
Content-Encoding: gzip
Server: sonobi-go

GET
H2 200 cm Show response
gift-connect-d.openx.net/w/1.0/ Frame 91E9 0
83 B 88ms
70ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.1.0
date: Fri, 18 Feb 2022 11:23:37 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 89C6 15 KB
6 KB 64ms
61ms Document
text/html 2.21.141.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-175.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=86797
expires: Sat, 19 Feb 2022 11:30:13 GMT
date: Fri, 18 Feb 2022 11:23:36 GMT
vary: Accept-Encoding

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 1C11
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=1909263020753827595

0
44 B

312ms
107ms

Image
text/plain

178.128.135.80
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=1909263020753827595
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 178.128.135.80 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
content-length: 0

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:36 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 443542c0-c665-4227-bda1-09dfeb4b14d0
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=1909263020753827595
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 1C11
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=Yg.Btm2geTWNEjXPGDdxGQAA%26211

0
44 B

292ms
108ms

Image
text/plain

178.128.135.80
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=Yg.Btm2geTWNEjXPGDdxGQAA%26211
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 178.128.135.80 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
content-length: 0

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:37 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=Yg.Btm2geTWNEjXPGDdxGQAA%26211
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 281
Expires: Fri, 18 Feb 2022 11:23:37 GMT

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 1C11
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D24%26userId%3D%24UID
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=574b49d7cf97c21c0479308a

0
44 B

311ms
109ms

Image
text/plain

178.128.135.80
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=574b49d7cf97c21c0479308a
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 178.128.135.80 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
content-length: 0

Redirect headers

Date: Fri, 18 Feb 2022 11:23:37 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=574b49d7cf97c21c0479308a
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET usa
sync.go.sonobi.com/ Frame 1C11 0
0

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 1C11
Redirect Chain

https://pixel.advertising.com/ups/56621/occ
https://ups.analytics.yahoo.com/ups/56621/occ?apid=UP359805b7-90ad-11ec-ae57-0654adbd93ae
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP359805b7-90ad-11ec-ae57-0654adbd93ae

0
44 B

224ms
107ms

Image
text/plain

178.128.135.80
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP359805b7-90ad-11ec-ae57-0654adbd93ae
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 178.128.135.80 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
content-length: 0

Redirect headers

location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP359805b7-90ad-11ec-ae57-0654adbd93ae
date: Fri, 18 Feb 2022 11:23:37 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET

us.gif
sync.go.sonobi.com/ Frame 1C11
Redirect Chain

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-f64f7a7c-8db9-47f5-bd76-fa89c84799f0

0
0

GET
H/1.1

200
OK

56939
i6.liadm.com/s/ Frame 1C11
Redirect Chain

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-f64f7a7c-8db9-47f5-bd76-fa89c84799f0
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-f64f7a7c-8db9-47f5-bd76-fa89c84799f0&_li_chk=true&previous_uuid=50f6434c7fa54b77990cba94bd9149eb
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-f64f7a7c-8db9-47f5-bd76-fa89c84799f0

43 B
419 B

406ms
131ms

Image
image/gif

2600:1f18:444a:4602:2c20:3113:5c28:1366
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-f64f7a7c-8db9-47f5-bd76-fa89c84799f0

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Server

2600:1f18:444a:4602:2c20:3113:5c28:1366 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:38 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-f64f7a7c-8db9-47f5-bd76-fa89c84799f0
Date: Fri, 18 Feb 2022 11:23:38 GMT
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H2

200

usersync
rtb.gumgum.com/ Frame 45D6
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://rtb.gumgum.com/usersync?b=apn&i=1909263020753827595

35 B
208 B

77ms
77ms

Image
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=1909263020753827595
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:37 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: e69f8629-706d-4e4a-85d9-0038ed076f96
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=1909263020753827595
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 45D6
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_28da2368-5d0f-4bb6-a3e6-e06424e1efbd&gdpr=0&gdpr_consent=&us_privacy=1---
https://bidswitch-eu.splicky.com/cm?bidswitch_ssp_id=gumgum2&bsw_custom_parameter=d4e8f76e-a84d-46fd-9470-9fe19a023459
https://x.bidswitch.net/sync?dsp_id=311&user_id=&user_group=2&ssp=gumgum2&expires=10&bsw_param=d4e8f76e-a84d-46fd-9470-9fe19a023459
https://rtb.gumgum.com/usersync?b=bsw&i=d4e8f76e-a84d-46fd-9470-9fe19a023459

35 B
208 B

76ms
75ms

Image
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=d4e8f76e-a84d-46fd-9470-9fe19a023459
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: //rtb.gumgum.com/usersync?b=bsw&i=d4e8f76e-a84d-46fd-9470-9fe19a023459
Date: Fri, 18 Feb 2022 11:23:37 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/ Frame 45D6
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28tG9URrU6QpgKkGeNm3e4OFolnLKEwz_GZFN1sIVJTjTiUoaKgfJQVb2DXEPwAvj5%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_28da2368-5d0f-4bb6-a3e6-e06424e1efbd&obuid=ENC(tG9URrU6QpgKkGeNm3e4OFolnLKEwz_GZFN1sIVJTjTiUoaKgfJQVb2DXEPwAvj5)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://creativecdn.com/cm-notify?pi=outbrain
https://sync.outbrain.com/cookie-sync?p=rtbhouse&uid=d0ni14mX7zVrowXRBqJJ&pi=outbrain

0
292 B

124ms
123ms

Image
text/plain

64.202.112.31
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=rtbhouse&uid=d0ni14mX7zVrowXRBqJJ&pi=outbrain
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 64.202.112.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:38 GMT
Cache-Control: no-cache
X-TraceId: e33f9523b8df393977f0bb24f5e519e2
Content-Length: 0

Redirect headers

location: https://sync.outbrain.com/cookie-sync?p=rtbhouse&uid=d0ni14mX7zVrowXRBqJJ&pi=outbrain
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:38 GMT, Fri, 18 Feb 2022 11:23:38 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 45D6
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=b5cc8908-4534-49fb-829d-1dfac4f09197

35 B
208 B

90ms
77ms

Image
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=b5cc8908-4534-49fb-829d-1dfac4f09197
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Fri, 18 Feb 2022 11:23:37 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=b5cc8908-4534-49fb-829d-1dfac4f09197
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

usersync
rtb.gumgum.com/ Frame 45D6
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=sta&i=0-67657e12-2de9-4a1b-40da-fd12ed63c16b$ip$82.199.130.39

35 B
208 B

76ms
75ms

Image
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=sta&i=0-67657e12-2de9-4a1b-40da-fd12ed63c16b$ip$82.199.130.39
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=sta&i=0-67657e12-2de9-4a1b-40da-fd12ed63c16b$ip$82.199.130.39
Date: Fri, 18 Feb 2022 11:23:37 GMT
Connection: keep-alive
Content-Length: 122
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame 45D6
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-i27WuJ9E2pfVsstqZLm5K542cJaVvPXYQplN~A

35 B
208 B

116ms
79ms

Image
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-i27WuJ9E2pfVsstqZLm5K542cJaVvPXYQplN~A
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Fri, 18 Feb 2022 11:23:37 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-i27WuJ9E2pfVsstqZLm5K542cJaVvPXYQplN~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

200

usersync
rtb.gumgum.com/ Frame 45D6
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%...
https://rtb.gumgum.com/usersync?b=vnt&i=378bbfa7-90ad-11ec-bbd0-abe8a0c4b996

35 B
208 B

77ms
76ms

Image
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=vnt&i=378bbfa7-90ad-11ec-bbd0-abe8a0c4b996
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=vnt&i=378bbfa7-90ad-11ec-bbd0-abe8a0c4b996
Date: Fri, 18 Feb 2022 11:23:37 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 378bbfa8-90ad-11ec-bbd0-abe8a0c4b996

GET
H2 204 services
sync.technoratimedia.com/ Frame 45D6 0
293 B 438ms
128ms Image
text/plain 150.136.156.92
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 150.136.156.92 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 845704339
access-control-allow-origin: https://g2.gumgum.com/
access-control-allow-credentials: true

GET
H2 200 142
match.deepintent.com/usersync/ Frame 45D6 0
44 B 400ms
117ms Image
text/plain 169.197.150.8
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:36 GMT
content-length: 0
server: b

GET
H2

200

usersync
rtb.gumgum.com/ Frame 45D6
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_28da2368-5d0f-4bb6-a3e6-e06424e1efbd&gdpr=0&gdpr_consent=&us_privacy=1---
https://stags.bluekai.com/site/23178?id=xxsjDtX6LtV9ha5UvKgj&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT26DYONVEI5CYGZGHIVRZNBQTKVLWJNTWUJTVONPXA...
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=xxsjDtX6LtV9ha5UvKgj&us_privacy=1---

35 B
208 B

79ms
78ms

Image
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=xxsjDtX6LtV9ha5UvKgj&us_privacy=1---
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:37 GMT
P3p: CP="We do not support P3P header."
Location: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=xxsjDtX6LtV9ha5UvKgj&us_privacy=1---
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 118
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 45D6
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://rtb.gumgum.com/usersync?b=idi&i=fe3ba700-583c-4ee9-9916-91caa5e8f51c

35 B
208 B

76ms
76ms

Image
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=idi&i=fe3ba700-583c-4ee9-9916-91caa5e8f51c
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=idi&i=fe3ba700-583c-4ee9-9916-91caa5e8f51c
date: Fri, 18 Feb 2022 11:23:37 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

RX-0e137beb-11ac-4db2-afe2-840f62072fba-003
sync.targeting.unrulymedia.com/csync/ Frame 45D6
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5881651182
https://sync.1rx.io/usersync/tradedesk/5237a546-8536-4403-b4ff-984b6912ae90
https://sync.targeting.unrulymedia.com/csync/RX-0e137beb-11ac-4db2-afe2-840f62072fba-003

43 B
395 B

62ms
62ms

Image
image/gif

213.19.147.44
RHYTHMONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-0e137beb-11ac-4db2-afe2-840f62072fba-003
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 213.19.147.44 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
server: Tengine
content-length: 43
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

location: https://sync.targeting.unrulymedia.com/csync/RX-0e137beb-11ac-4db2-afe2-840f62072fba-003
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
cache-control: no-store, no-cache, must-revalidate
server: Tengine
content-type: text/html
expires: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 45D6
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=Yx40W4TasdrK&ev=1&pid=558355

35 B
208 B

77ms
76ms

Image
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=Yx40W4TasdrK&ev=1&pid=558355
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-GB
location: https://rtb.gumgum.com/usersync?b=pln&i=Yx40W4TasdrK&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-56659f45bd-25ttk
expires: -1

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 45D6 0
75 B 59ms
51ms Image
text/plain 185.86.138.120
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.120 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame 45D6 0
357 B 63ms
56ms Image
image/avif 34.253.111.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_28da2368-5d0f-4bb6-a3e6-e06424e1efbd
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 86AB
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=4913620f-81b6-4700-989d-2aa87d99eb45&gdpr=0&gdpr_consent=

35 B
208 B

95ms
76ms

Document
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=4913620f-81b6-4700-989d-2aa87d99eb45&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Fri, 18 Feb 2022 11:23:37 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Access-Control-Allow-Origin: *
Server: MT3 4133 baa842e master zrh-pixel-x15 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://rtb.gumgum.com/usersync?b=mmh&i=4913620f-81b6-4700-989d-2aa87d99eb45&gdpr=0&gdpr_consent=
Expires: Fri, 18 Feb 2022 11:23:36 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 77BA
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=atm&i=Yg_BsgAAAIGs2QQz&gdpr=0&gdpr_consent=

35 B
208 B

115ms
78ms

Document
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=atm&i=Yg_BsgAAAIGs2QQz&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

server: Varnish
retry-after: 0
location: https://rtb.gumgum.com/usersync?b=atm&i=Yg_BsgAAAIGs2QQz&gdpr=0&gdpr_consent=
accept-ranges: bytes
date: Fri, 18 Feb 2022 11:23:37 GMT
via: 1.1 varnish
x-served-by: cache-hhn4036-HHN
x-cache: HIT
x-cache-hits: 0
x-timer: S1645183417.155414,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame D5F1 170 B
188 B 85ms
82ms Document
image/png 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yOGRhMjM2OC01ZDBmLTRiYjYtYTNlNi1lMDY0MjRlMWVmYmQ=&gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/

Response headers

content-type: image/png
date: Fri, 18 Feb 2022 11:23:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 0217 15 KB
6 KB 65ms
63ms Document
text/html 2.21.141.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-175.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=86796
expires: Sat, 19 Feb 2022 11:30:13 GMT
date: Fri, 18 Feb 2022 11:23:37 GMT
vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame F567 0
0 257ms
128ms Document
text/plain 67.202.105.24
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip24.67-202-105.static.steadfastdns.net
Software: 33XP004 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/

Response headers

x-33x-status: 2000208
server: 33XP004
date: Fri, 18 Feb 2022 11:23:36 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 7095
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=ttd&i=5237a546-8536-4403-b4ff-984b6912ae90&t=1647775417

35 B
208 B

111ms
74ms

Document
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=ttd&i=5237a546-8536-4403-b4ff-984b6912ae90&t=1647775417
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Fri, 18 Feb 2022 11:23:37 GMT
content-type: text/html
content-length: 209
location: https://rtb.gumgum.com/usersync?b=ttd&i=5237a546-8536-4403-b4ff-984b6912ae90&t=1647775417
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame F1D8
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

281 B
554 B

76ms
61ms

Document
text/html

104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 18 Feb 2022 11:23:37 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=gumgum
date: Fri, 18 Feb 2022 11:23:37 GMT
access-control-allow-credentials: true
access-control-allow-origin: *

GET
H2 204 um
cs.emxdgt.com/ Frame 4586 0
0 247ms
62ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/

Response headers

content-type: text/html
date: Fri, 18 Feb 2022 11:23:37 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 36B9
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=Yg.BucCo5ssAADv9ebUAAAAA

35 B
208 B

76ms
75ms

Document
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=Yg.BucCo5ssAADv9ebUAAAAA
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Fri, 18 Feb 2022 11:23:38 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Fri, 18 Feb 2022 11:23:37 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=Yg.BucCo5ssAADv9ebUAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time: 1
X-SO-HostName: a-ad40355.dc2p.scaleout.jp
X-SO-LB-Hostname: a-tgng40007.dc2p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":39,"gdpr":true,"ipv4":"0.0.0.0","key":"Yg.BucCo5ssAADv9ebUAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40355"}
X-SO-Key: Yg.BucCo5ssAADv9ebUAAAAA
X-SO-IP: 82.199.130.39
X-SO-Cluster-ID: 39
X-SO-Upstream-ID: a-ad40355

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 6414
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=d0ni14mX7zVrowXRBqJJ&pi=gumgum&tc=1

35 B
208 B

82ms
76ms

Document
image/gif

54.77.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=d0ni14mX7zVrowXRBqJJ&pi=gumgum&tc=1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.66.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-66-11.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Fri, 18 Feb 2022 11:23:37 GMT Fri, 18 Feb 2022 11:23:37 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=d0ni14mX7zVrowXRBqJJ&pi=gumgum&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2 200 usync.js Show response
eus.rubiconproject.com/ Frame 2A06 33 KB
10 KB 57ms
56ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 6f1424816e4caaa13b40a557235e6793eb119f067176f610c048b564e2cf80ed

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 22:21:11 GMT
server: Apache/2.2.15 (CentOS)
x-powered-by: PHP/5.3.3
vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
cache-control: max-age=9058
content-type: text/html; charset=UTF-8
content-length: 9757
expires: Fri, 18 Feb 2022 13:54:35 GMT

GET
H2 200 usync.js Show response
eus.rubiconproject.com/ Frame F1D8 33 KB
10 KB 57ms
57ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 6f1424816e4caaa13b40a557235e6793eb119f067176f610c048b564e2cf80ed

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 22:21:11 GMT
server: Apache/2.2.15 (CentOS)
x-powered-by: PHP/5.3.3
vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
cache-control: max-age=9058
content-type: text/html; charset=UTF-8
content-length: 9757
expires: Fri, 18 Feb 2022 13:54:35 GMT

GET
H2 200 sync
ads.servenobid.com/ Frame BAEB 0
344 B 56ms
55ms Image
image/avif 34.253.111.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=3013619419057261512&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:37 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame BAEB
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=5&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7066008971948259475&gdpr=0&gdpr_consent=

43 B
428 B

78ms
51ms

Image
image/gif

185.86.137.131
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7066008971948259475&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.137.131 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Location: https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7066008971948259475&gdpr=0&gdpr_consent=
Date: Fri, 18 Feb 2022 11:23:37 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame BAEB
Redirect Chain

https://b1sync.zemanta.com/usersync/smart/?cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D116%26partneruserid%3D__ZUID__&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=116&partneruserid=xxsjDtX6LtV9ha5UvKgj&gdpr=0

43 B
410 B

85ms
49ms

Image
image/gif

185.86.137.131
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=116&partneruserid=xxsjDtX6LtV9ha5UvKgj&gdpr=0
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.137.131 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=116&partneruserid=xxsjDtX6LtV9ha5UvKgj&gdpr=0
Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:37 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 140
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame BAEB
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=76&partneruserid=GOOGLE_HOSTED_SI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_sc...
https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=MzAxMzYxOTQxOTA1NzI2MTUxMg==&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEH-tlXcVYL5QJGzucF2aAYI&gdpr=0&gdpr_consent=&google_cver=1

43 B
441 B

50ms
49ms

Image
image/gif

185.86.137.131
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEH-tlXcVYL5QJGzucF2aAYI&gdpr=0&gdpr_consent=&google_cver=1
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.137.131 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:36 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEH-tlXcVYL5QJGzucF2aAYI&gdpr=0&gdpr_consent=&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 345
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200 9.gif
id5-sync.com/i/102/ Frame BAEB 43 B
1009 B 197ms
71ms Image
image/gif 141.95.3.10
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/102/9.gif?gdpr=0&gdpr_consent=

Requested by

Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.95.3.10 , France, ASN16276 (OVH, FR),

Reverse DNS

p31.id5-sync.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 18 Feb 2022 11:23:37 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 58FB 0
731 B 83ms
82ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Feb 2022 11:23:37 GMT
X-Proxy-Origin: 82.199.130.39; 82.199.130.39; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 40309661-678e-4b8f-a72e-3db2e5694ef2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 204
No Content sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 2A06 0
239 B 564ms
129ms Image
image/gif 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=17632&khaos=KZSBQ3TS-L-HJO5
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 19ea072139d67f7022c6e463249c998e
Content-Type: image/gif

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame F1D8 0
239 B 57ms
56ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=KZSBQ3TS-L-HJO5
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

POST
H3 204 avw.gif Show response
c.4dex.io/ 0
16 B 62ms
61ms XHR
text/plain 34.95.81.22
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.4dex.io/avw.gif?adu_code=div-gpt-ad-6794670-2&evt=vsbl_actvw&pv_id=79e71219-5e1e-483e-a965-6cd359b6ca85&adu_el_id=div-gpt-ad-6794670-2&v=1&tz_off=0&js_late=1&js_ts=1645183412539&size=970x250&pbjs_sizes=728x90%2C970x250%2C970x90&is_pbjs_size=1&is_iab_size=1&msrbl=1&adu_exp=5846&pg_durat=8212&pg_paused=0&pg_exp=8212&vsbl=1&adsrv_vsbl=1&adsrv_att_delta=1846&clk_time=&reset=0&adsrv_adu_exp=3843&navs_ts=1645183408725&trgr_ts=1645183413981&init_ts=1645183413982&start_ts=1645183413983&reset_ts=&vsbl_ts=1645183416202&adsrv_vsbl_ts=1645183417318&auct_id=d5023f56-c9e0-4ead-b23c-62a7e2adad09&featv=_&pg_dims=1600x7512&vp_dims=1600x1200&u_ts=1645183412&dom_l=659&pn=1&adu_pos=800x8&dvc=2&os=windows&brwsr=chrome&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&sess_lngth=1&avg_sess_lngth=1&sess_cnt=1&rfr_fqdn=&prv_pgtyp=null&cat=&env=desktop&org_id=1094&pgtyp=&plcmt=ThreatPost-970x250-ATF&site=threatpost&subcat=&adsrv=dfp&adsrv_advrt_id=5024569374&adsrv_cmpgn_id=2910902386&adsrv_crea_id=&adsrv_empty=0&adsrv_lnitem_id=&adsrv_size=970x250&adgjsv=1.13.16
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.81.22 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 22.81.95.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:38 GMT
via: 1.1 google
server: nginx
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: -1

POST
H3 204 avw.gif Show response
c.4dex.io/ 0
16 B 62ms
62ms XHR
text/plain 34.95.81.22
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.4dex.io/avw.gif?adu_code=div-gpt-ad-6794670-2&evt=exp_chg&pv_id=79e71219-5e1e-483e-a965-6cd359b6ca85&adu_el_id=div-gpt-ad-6794670-2&v=2&tz_off=0&js_late=1&js_ts=1645183412539&size=970x250&pbjs_sizes=728x90%2C970x250%2C970x90&is_pbjs_size=1&is_iab_size=1&msrbl=1&adu_exp=6746&pg_durat=9096&pg_paused=0&pg_exp=9096&vsbl=1&adsrv_vsbl=1&adsrv_att_delta=1846&clk_time=&reset=0&adsrv_adu_exp=4743&navs_ts=1645183408725&trgr_ts=1645183413981&init_ts=1645183413982&start_ts=1645183413983&reset_ts=&vsbl_ts=1645183416202&adsrv_vsbl_ts=1645183417318&auct_id=d5023f56-c9e0-4ead-b23c-62a7e2adad09&featv=_&pg_dims=1600x7512&vp_dims=1600x1200&u_ts=1645183412&dom_l=659&pn=1&adu_pos=800x8&dvc=2&os=windows&brwsr=chrome&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&sess_lngth=1&avg_sess_lngth=1&sess_cnt=1&rfr_fqdn=&prv_pgtyp=null&cat=&env=desktop&org_id=1094&pgtyp=&plcmt=ThreatPost-970x250-ATF&site=threatpost&subcat=&adsrv=dfp&adsrv_advrt_id=5024569374&adsrv_cmpgn_id=2910902386&adsrv_crea_id=&adsrv_empty=0&adsrv_lnitem_id=&adsrv_size=970x250&adgjsv=1.13.16
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.81.22 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 22.81.95.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:39 GMT
via: 1.1 google
server: nginx
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: -1

POST
H3 204 avw.gif Show response
c.4dex.io/ 0
16 B 66ms
66ms XHR
text/plain 34.95.81.22
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.4dex.io/avw.gif?adu_code=div-gpt-ad-6794670-3&evt=exp_chg&pv_id=79e71219-5e1e-483e-a965-6cd359b6ca85&adu_el_id=div-gpt-ad-6794670-3&v=1&tz_off=0&js_late=1&js_ts=1645183412539&size=300x250&pbjs_sizes=300x250%2C336x280&is_pbjs_size=1&is_iab_size=1&msrbl=1&adu_exp=6523&pg_durat=9166&pg_paused=0&pg_exp=9166&vsbl=1&adsrv_vsbl=1&adsrv_att_delta=1523&clk_time=&reset=0&adsrv_adu_exp=4934&navs_ts=1645183408725&trgr_ts=1645183414402&init_ts=1645183414402&start_ts=1645183414402&reset_ts=&vsbl_ts=1645183416272&adsrv_vsbl_ts=1645183417288&auct_id=d5023f56-c9e0-4ead-b23c-62a7e2adad09&featv=_&pg_dims=1600x7512&vp_dims=1600x1200&u_ts=1645183412&dom_l=659&pn=1&adu_pos=1232x166&dvc=2&os=windows&brwsr=chrome&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&sess_lngth=1&avg_sess_lngth=1&sess_cnt=1&rfr_fqdn=&prv_pgtyp=null&cat=&env=desktop&org_id=1094&pgtyp=&plcmt=ThreatPost-300x250-ATF&site=threatpost&subcat=&adsrv=dfp&adsrv_advrt_id=5024569374&adsrv_cmpgn_id=2910902386&adsrv_crea_id=&adsrv_empty=0&adsrv_lnitem_id=&adsrv_size=300x250&adgjsv=1.13.16
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.81.22 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 22.81.95.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:39 GMT
via: 1.1 google
server: nginx
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: -1

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
493 B 95ms
95ms XHR
text/javascript 108.156.255.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&pid=FEIuJx6RvqmwN&cb=2&ws=1600x1200&v=7.73.0&t=2000&slots=%5B%7B%22id%22%3A%22Amazon_400x225%22%2C%22mt%22%3A%22v%22%7D%5D&cfgv=1&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.156.255.177 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-156-255-177.dus51.r.cloudfront.net

Software

Server /

Resource Hash

5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:40 GMT
via: 1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: DUS51-P2
x-amz-rid: ZJ447AZN8XD8E8DTXVNX
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: OJnDPgUNjCCARSoIHc3pPvVWXEAe0ndyvE3fvmi3NHRVP0TiaiRfZQ==

GET
H3 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame 68C5 106 B
127 B 74ms
72ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=2a2d8910-6a62-4d3a-a0cd-8b72c92e3e14&nocache=1645183423347&gdpr=0&criteoid=VGNUtV92WDhSVDhmZWlORTNFTmxXdkM4U2lQMExqQzBETGM5b3o2d0VJRzhkNWhPdnZ4MklmWWtYelBDQXJ6ZGhPa2ljQVo2Q2hud1dMUHJuJTJGbSUyRjNIVm1TYWclM0QlM0Q&pubcid=915d1221-c4a6-4e5a-bf30-c5ff6887a32c&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2Ce1a2e0c2-3482-43b3-8411-2b63a494060a%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882778&vwd=400&vht=225&aumfs=250
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 11:23:41 GMT
via: 1.1 google
server: OXGW/17.1.0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/233148/0/ Frame 68C5 0
170 B 188ms
65ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/233148/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:41 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216475/0/ Frame 68C5 0
170 B 180ms
63ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216475/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:41 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 mvo Show response
tag.1rx.io/rmp/233098/0/ Frame 68C5 0
170 B 190ms
76ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/233098/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:41 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 68C5 0
59 B 274ms
274ms XHR
text/plain 204.237.133.116
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Fri, 18 Feb 2022 11:23:40 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216476/0/ Frame 68C5 0
170 B 169ms
64ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216476/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Fri, 18 Feb 2022 11:23:41 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/6a7ad34f-0b4a-4b3d-a65d-c0631672856c_/ Frame 2762 591 KB
591 KB 57ms
56ms XHR
video/mp4 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/a68ca1a1-aa27-4dcc-9ed9-88f2fea28b34/6a7ad34f-0b4a-4b3d-a65d-c0631672856c_/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f6f0900eef565283696a8c6218c9f798cced7463c5712a25a7bbabb9fd047c65

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Range: bytes=1275592-1880335

Response headers

date: Fri, 18 Feb 2022 11:23:41 GMT
last-modified: Wed, 17 Feb 2021 09:31:14 GMT
age: 84112
etag: "9b4bd981758ebb758de186da8db48106"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 1275592-1880335/5937558
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 604744

POST
H3 204 avw.gif Show response
c.4dex.io/ 0
16 B 68ms
68ms XHR
text/plain 34.95.81.22
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.4dex.io/avw.gif?adu_code=div-gpt-ad-6794670-2&evt=exp_chg&pv_id=79e71219-5e1e-483e-a965-6cd359b6ca85&adu_el_id=div-gpt-ad-6794670-2&v=3&tz_off=0&js_late=1&js_ts=1645183412539&size=970x250&pbjs_sizes=728x90%2C970x250%2C970x90&is_pbjs_size=1&is_iab_size=1&msrbl=1&adu_exp=11796&pg_durat=14128&pg_paused=0&pg_exp=14128&vsbl=1&adsrv_vsbl=1&adsrv_att_delta=1846&clk_time=&reset=0&adsrv_adu_exp=9793&navs_ts=1645183408725&trgr_ts=1645183413981&init_ts=1645183413982&start_ts=1645183413983&reset_ts=&vsbl_ts=1645183416202&adsrv_vsbl_ts=1645183417318&auct_id=d5023f56-c9e0-4ead-b23c-62a7e2adad09&featv=_&pg_dims=1600x7512&vp_dims=1600x1200&u_ts=1645183412&dom_l=659&pn=1&adu_pos=800x8&dvc=2&os=windows&brwsr=chrome&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&sess_lngth=1&avg_sess_lngth=1&sess_cnt=1&rfr_fqdn=&prv_pgtyp=null&cat=&env=desktop&org_id=1094&pgtyp=&plcmt=ThreatPost-970x250-ATF&site=threatpost&subcat=&adsrv=dfp&adsrv_advrt_id=5024569374&adsrv_cmpgn_id=2910902386&adsrv_crea_id=&adsrv_empty=0&adsrv_lnitem_id=&adsrv_size=970x250&adgjsv=1.13.16
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.81.22 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 22.81.95.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:44 GMT
via: 1.1 google
server: nginx
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: -1

POST
H3 204 avw.gif Show response
c.4dex.io/ 0
16 B 73ms
72ms XHR
text/plain 34.95.81.22
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.4dex.io/avw.gif?adu_code=div-gpt-ad-6794670-3&evt=exp_chg&pv_id=79e71219-5e1e-483e-a965-6cd359b6ca85&adu_el_id=div-gpt-ad-6794670-3&v=2&tz_off=0&js_late=1&js_ts=1645183412539&size=300x250&pbjs_sizes=300x250%2C336x280&is_pbjs_size=1&is_iab_size=1&msrbl=1&adu_exp=11573&pg_durat=14197&pg_paused=0&pg_exp=14197&vsbl=1&adsrv_vsbl=1&adsrv_att_delta=1523&clk_time=&reset=0&adsrv_adu_exp=9984&navs_ts=1645183408725&trgr_ts=1645183414402&init_ts=1645183414402&start_ts=1645183414402&reset_ts=&vsbl_ts=1645183416272&adsrv_vsbl_ts=1645183417288&auct_id=d5023f56-c9e0-4ead-b23c-62a7e2adad09&featv=_&pg_dims=1600x7512&vp_dims=1600x1200&u_ts=1645183412&dom_l=659&pn=1&adu_pos=1232x166&dvc=2&os=windows&brwsr=chrome&url=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&sess_lngth=1&avg_sess_lngth=1&sess_cnt=1&rfr_fqdn=&prv_pgtyp=null&cat=&env=desktop&org_id=1094&pgtyp=&plcmt=ThreatPost-300x250-ATF&site=threatpost&subcat=&adsrv=dfp&adsrv_advrt_id=5024569374&adsrv_cmpgn_id=2910902386&adsrv_crea_id=&adsrv_empty=0&adsrv_lnitem_id=&adsrv_size=300x250&adgjsv=1.13.16
Requested by: Host: threatpost.com
URL: https://threatpost.com/android-malware-flytrap-facebook/168463/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.81.22 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 22.81.95.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 11:23:44 GMT
via: 1.1 google
server: nginx
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: -1

POST
H/1.1 200
OK st Show response
capi.connatix.com/tr/ Frame 2762 0
315 B 130ms
129ms XHR
application/x-protobuf 18.191.54.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/st?v=151003
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.54.29 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-54-29.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Fri, 18 Feb 2022 11:23:44 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK abt Show response
capi.connatix.com/tr/ Frame 2762 0
315 B 130ms
129ms XHR
application/x-protobuf 18.191.54.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/abt?v=151003
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.191.54.29 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-191-54-29.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Fri, 18 Feb 2022 11:23:44 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 56ms
55ms Image
image/gif 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1196432768&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fandroid-malware-flytrap-facebook%2F168463%2F&dp=%2Fandroid-malware-flytrap-facebook%2F168463%2F&ul=en-us&de=UTF-8&dt=Android%20Malware%20%E2%80%98FlyTrap%E2%80%99%20Hijacks%20Facebook%20Accounts%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Timer&ea=15sec&_u=aHDAAEABAAAAAC~&jid=&gjid=&cid=810955728.1645183412&uid=03632348524271944892590416654143285768&tid=UA-63997723-2&_gid=931004234.1645183412&gtm=2wg2g0WZ7LJ3&z=553159939

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Feb 2022 00:25:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 39489
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Domain: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/usa?https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=38&userId=

Domain: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-f64f7a7c-8db9-47f5-bd76-fa89c84799f0

Verdicts & Comments Add Verdict or Comment

414 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

122 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 03:09:19	Name: sync Value: CgoIgQIQ7PHK5PAvCgoI4gEQ7PHK5PAvCgoI5gEQ7PHK5PAvCgoIhwIQ7PHK5PAvCgkICRDs8crk8C8KCQg6EOzxyuTwLwoJCAsQ7PHK5PAvCgoIjAIQ7PHK5PAvCgoIngIQ7PHK5PAvCgkIXxDs8crk8C8=
.mrtnsvr.com/sync	1970-01-20 09:46:45	Name: userId Value: s3eipnqfM
i.liadm.com/s	1970-01-20 01:42:55	Name: _li_ss Value: MgkI_____wcQzxE
.threatpost.com/	1970-01-20 00:59:45	Name: _cs_mk Value: 0.21025337788300247_1645183411823
threatpost.com/	1970-01-20 01:42:55	Name: _pbjs_userid_consent_data Value: 6683316680106290
.demdex.net/	1970-01-20 05:18:55	Name: demdex Value: 08153247148641684833290415637164377170
.threatpost.com/	1969-12-31 23:59:59	Name: AMCVS_983502BE532960BE0A490D4C%40AdobeOrg Value: 1
.threatpost.com/	1970-01-20 01:01:09	Name: _gid Value: GA1.2.931004234.1645183412
.threatpost.com/	1970-01-20 00:59:43	Name: _gat_UA-35676203-21 Value: 1
.lijit.com/	1970-01-20 09:45:19	Name: ljtrtb Value: eJyrrgUAAXUA%2BQ%3D%3D
.lijit.com/	1970-01-20 09:45:19	Name: ljt_reader Value: 574b49d7cf97c21c0479308a
.everesttech.net/	1970-01-20 09:45:19	Name: everest_g_v2 Value: g_surferid~Yg_BsgAAAIGs2QQz
e.serverbid.com/	1970-01-20 09:45:19	Name: azk Value: ue1-sb1-f64f7a7c-8db9-47f5-bd76-fa89c84799f0
.rubiconproject.com/	1970-01-20 09:45:19	Name: khaos Value: KZSBQ3TS-L-HJO5
.rubiconproject.com/	1970-01-20 09:45:19	Name: audit Value: 1\|naVuGyos1qqAA/PrpKGdsa2qEsFCZ0ctSdOhPT1GMTlgQkuuSU/3aNBPPUSnkQKSazGDAnZkjgciW6Q58jarRAvAG15loFpV9ffqWu8FjBY=
.threatpost.com/	1970-01-20 05:18:55	Name: _pubcid Value: 915d1221-c4a6-4e5a-bf30-c5ff6887a32c
.adnxs.com/	1970-01-20 03:09:19	Name: icu Value: ChgIzLJhEAoYASABKAEwsoO-kAY4AUABSAEQsoO-kAYYAA..
.adnxs.com/	1970-01-20 03:09:19	Name: uuid2 Value: 1909263020753827595
.openx.net/	1970-01-20 09:45:19	Name: i Value: 915d1221-c4a6-4e5a-bf30-c5ff6887a32c\|1645183410
.dpm.demdex.net/	1970-01-20 05:18:55	Name: dpm Value: 08153247148641684833290415637164377170
prebid.a-mo.net/	1970-01-20 09:45:19	Name: __amc Value: 1_1645183410_1645183410
.threatpost.com/	1970-01-20 18:30:55	Name: AMCV_983502BE532960BE0A490D4C%40AdobeOrg Value: 1585540135%7CMCIDTS%7C19042%7CMCMID%7C03632348524271944892590416654143285768%7CMCAAMLH-1645788212%7C6%7CMCAAMB-1645788212%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1645190612s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19049%7CvVersion%7C4.4.0
.t.co/	1970-01-20 18:30:55	Name: muc_ads Value: e4ede020-47d8-4ced-8cbe-de9ffaa6b085
.quantserve.com/	1970-01-20 10:29:57	Name: mc Value: 620f81b2-c4f8a-e2879-0be35
.twitter.com/	1970-01-20 18:30:55	Name: personalization_id Value: "v1_JuY8ps53w45v2zryOwDZPQ=="
.threatpost.com/	1970-01-20 10:24:12	Name: __qca Value: P0-865686960-1645183412607
threatpost.com/	1970-01-20 09:45:19	Name: usprivacy Value: 1---
.threatpost.com/	1970-01-20 00:59:43	Name: _gat_UA-63997723-2 Value: 1
threatpost.com/	1970-01-21 00:59:43	Name: CookieConsent Value: {stamp:1938129066=='\|Cnecessary:true\|Cpreferences:true\|Cstatistics:true\|Cmarketing:true\|Cver:1\|Cutc:858623835\|Cregion:'not_gdpr'}
.threatpost.com/	1970-01-20 03:09:19	Name: _gcl_au Value: 1.1.723368599.1645183413
.threatpost.com/	1970-01-20 18:30:55	Name: _ga_YP1JLG57CH Value: GS1.1.1645183413.1.0.1645183413.0
.threatpost.com/	1970-01-20 18:30:55	Name: _ga Value: GA1.1.810955728.1645183412
.threatpost.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.linkedin.com/	1970-01-20 01:42:55	Name: UserMatchHistory Value: AQIo-t1ZlcZXZQAAAX8MkqYRSm3ZT7IdaRnzFRmIFJIX6oxmYOOx7WaRkqVeg1pWHPh_67WaVQKRJg
.linkedin.com/	1970-01-20 01:42:55	Name: AnalyticsSyncHistory Value: AQJ6DmyPLe0D7wAAAX8MkqYRKH-MazLjGlMkL59Wm4pXA-8NhvvwqGmxBJ4v11HQeCFQ3_0QSLi9qrB8B9Yasg
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 18:31:37	Name: bcookie Value: "v=2&506d9cfb-1aa4-4431-84f1-cd6a993483ef"
.threatpost.com/	1970-01-20 10:21:19	Name: __gads Value: ID=94ea9399d2055ccb-22eb660747cd006f:T=1645183411:S=ALNI_MYopUCIyvKLez8FWbp-b3FOyB7sTw
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.www.linkedin.com/	1970-01-20 18:31:37	Name: bscookie Value: "v=1&20220218112331c0f4055c-ac02-4fc3-8897-49d801212e4eAQHGFCOPw_ftEwP_ntk5ROjqzVk3FMaq"
.linkedin.com/	1970-01-20 18:17:03	Name: li_gc Value: MTswOzE2NDUxODM0MTE7MjswMjHBmOSaGERCK9OcGgmUk6sSxg+bUH9ln/egKSyCattaJw==
.doubleclick.net/	1970-01-20 18:30:55	Name: IDE Value: AHWqTUlVloi54Oqf3wdflbZKq04gyTMzz-OaHskB2Rmjb1A-oaKiTTUSxjjdktXMoPI
.linkedin.com/	1970-01-20 01:01:09	Name: lidc Value: "b=VGST04:s=V:r=V:a=V:p=V:g=2548:u=1:x=1:i=1645183412:t=1645269812:v=2:sig=AQHsRAvmkAAUdqeky8Z30w3eTTzD0H9d"
.doubleclick.net/	1970-01-20 00:59:47	Name: DSID Value: NO_DATA
.adsrvr.org/	1970-01-20 09:45:19	Name: TDID Value: 5237a546-8536-4403-b4ff-984b6912ae90
.advertising.com/	1970-01-20 09:46:45	Name: APID Value: UP359805b7-90ad-11ec-ae57-0654adbd93ae
.casalemedia.com/	1970-01-20 03:09:19	Name: CMPS Value: 1840
.adform.net/	1970-01-20 01:40:02	Name: C Value: 1
.casalemedia.com/	1970-01-20 03:09:19	Name: CMPRO Value: 211
.adform.net/	1970-01-20 02:26:07	Name: uid Value: 3214093212461078255
.yahoo.com/	1970-01-20 09:45:41	Name: A3 Value: d=AQABBLaBD2ICEBUXBuGcYVM_ulJZSAWYJBUFEgEBAQHTEGIZYgAAAAAA_eMAAA&S=AQAAAvaNZWsx7DEEGIZOLoHaA8E
.mathtag.com/	1970-01-20 10:25:38	Name: uuid Value: 4913620f-81b6-4700-989d-2aa87d99eb45
.quantserve.com/	1970-01-20 03:09:19	Name: d Value: EBgBEwG8JYqsMK67gQA
.casalemedia.com/	1970-01-20 09:45:19	Name: CMID Value: Yg.Btm2geTWNEjXPGDdxGQAA
.simpli.fi/	1970-01-20 09:46:45	Name: suid Value: 4462E57145164A1B8ED79F5C093B4DC7
.threatpost.com/	1970-01-20 10:21:19	Name: cto_bundle Value: m0yv2F9vNndlNk1vS1JqSVJSaU8lMkI5ZHpHMzIlMkJucFROSld0QkJxSmhaSUlwckRqVHRhJTJGNEpMNzJackJoeEFEeHNRYndDRFllWmZRNXFJOFc0eUpFVDcyVmFjNllxJTJGNTFIUnlxSyUyRlp0YkZMMzdlZEdvcm1nMWVzd3VUJTJGbjJoZU5lUmdzaQ
.threatpost.com/	1970-01-20 10:21:19	Name: cto_bidid Value: VGNUtV92WDhSVDhmZWlORTNFTmxXdkM4U2lQMExqQzBETGM5b3o2d0VJRzhkNWhPdnZ4MklmWWtYelBDQXJ6ZGhPa2ljQVo2Q2hud1dMUHJuJTJGbSUyRjNIVm1TYWclM0QlM0Q
.w55c.net/	1970-01-20 10:25:38	Name: wfivefivec Value: ljuiJqpp1Nl1mn5
.rfihub.com/	1970-01-20 10:21:19	Name: rud Value: H4sIAAAAAAAAAOMSNjU0NjExNTUxMjAxMDG3tDAyNxLiM9R1d3KNMMsud4p3LEmX4jU0MzE1tDA2MTQ1MjEDAPjStMo0AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0NjExNTUxMjAxMDG3tDAyNxLiM9R1d3KNMMsud4p3LEkHAK1mXUYlAAAA
.w55c.net/	1970-01-20 01:42:55	Name: matchcasale Value: 5
.eqads.com/	1970-01-20 03:07:53	Name: EQUser Value: UID=0784961f-155b-4613-a490-0fddf48b3f81
.openx.net/	1970-01-20 01:21:19	Name: pd Value: v2\|1645183414.2\|kiiygevNgun0.gqsLommOnsgi
.w55c.net/	1970-01-20 01:42:55	Name: matchopenx Value: 5
.3lift.com/	1970-01-20 03:09:19	Name: tluid Value: 1478144662877614645485
.turn.com/	1970-01-20 05:18:55	Name: uid Value: 4083493531649227031
.bidr.io/	1970-01-20 10:28:13	Name: bito Value: AAEbMU7EHwMAAHY0mKGBRg
.bidr.io/	1970-01-20 10:28:13	Name: bitoIsSecure Value: ok
.bing.com/	1970-01-20 10:21:19	Name: MUID Value: 3A6B6ED7CB7C6AEE1C377F98CAF76B16
.rfihub.com/	1970-01-20 10:21:19	Name: eud Value: H4sIAAAAAAAAAPvFyGtoZmJqaGFsYmhqZGJ2ShzBN7MwsgQA4Rt-syAAAAA
.a-mo.net/	1970-01-20 09:45:19	Name: amuid2 Value: a6e9f0dd-4f14-45d7-87e2-c8ad66c5c361
.mathtag.com/	1970-01-20 01:42:55	Name: mt_mop Value: 9:1645183416
.servenobid.com/	1970-01-20 01:09:48	Name: pid_324 Value: 5134455420404798272
.servenobid.com/	1970-01-20 01:09:48	Name: pid_337 Value: y-STBQWuJE2uH2L9J_BiiSONFeGJH4eREv18lrxtc-~A
.servenobid.com/	1970-01-20 01:09:48	Name: pid_312 Value: 1909263020753827595
.servenobid.com/	1970-01-20 01:09:48	Name: pid_333 Value: Yg-Btm2geTWNEjXPGDdxGQAAANMAAAAB
.bidswitch.net/	1970-01-20 09:45:19	Name: tuuid Value: d4e8f76e-a84d-46fd-9470-9fe19a023459
.bidswitch.net/	1970-01-20 09:45:19	Name: c Value: 1645183416
.lijit.com/	1970-01-20 09:45:19	Name: _ljtrtb_273657 Value: 273657
.servenobid.com/	1970-01-20 01:09:48	Name: pid_327 Value: a6e9f0dd-4f14-45d7-87e2-c8ad66c5c361
beacon.lynx.cognitivlabs.com/	1970-01-20 09:45:19	Name: UID Value: da89cb42-7be6-4e21-810d-373f8d3b745a
beacon.lynx.cognitivlabs.com/	1970-01-20 09:45:19	Name: ss Value: E4ypG5xdIuqlsTB08FnFxsOIxJoJ1s0KqXpklPfIeroT6hAXxBM%2BrNZLkCk%2FH4vLdyX2Z0IJFBhyUaBAMtuxTQ%3D%3D
.gumgum.com/	1970-01-20 09:45:19	Name: vst Value: e_28da2368-5d0f-4bb6-a3e6-e06424e1efbd
.bidswitch.net/	1970-01-20 09:45:19	Name: tuuid_lu Value: 1645183417
.servenobid.com/	1970-01-20 01:09:48	Name: pid_310 Value: 574b49d7cf97c21c0479308a
.analytics.yahoo.com/	1970-01-20 09:45:19	Name: IDSYNC Value: "1776~23az:187s~23az:196n~23az:17ot~23az"
.casalemedia.com/	1970-01-20 01:01:09	Name: CMST Value: Yg+BtmIPgbkA
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB5G Value: s578\|Yg+Bv
.servenobid.com/	1970-01-20 01:09:48	Name: pid_309 Value: e_28da2368-5d0f-4bb6-a3e6-e06424e1efbd
.brand-display.com/	1970-01-20 18:30:55	Name: _knxq_ Value: 246dbb63-14f5-4810-26af8e97.1645183417.0.1645183417.1645183417
.postrelease.com/	1970-01-20 09:45:19	Name: opt_out Value: 1
.1rx.io/	1970-01-20 09:45:19	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-0e137beb-11ac-4db2-afe2-840f62072fba-003%22%7D
.zemanta.com/	1970-01-20 09:45:19	Name: zuid Value: xxsjDtX6LtV9ha5UvKgj
.adsrvr.org/	1970-01-20 09:45:19	Name: TDCPM Value: CAEYASABKAIyCwiq9cTp-ra5OhAFOAFaC2FkY29uZHVjdG9yYAI.
.smartadserver.com/	1970-01-20 10:29:57	Name: pid Value: 3013619419057261512
.creativecdn.com/	1970-01-20 09:45:19	Name: u Value: d0ni14mX7zVrowXRBqJJ
.creativecdn.com/	1970-01-20 09:45:19	Name: ts Value: 1645183417
.servenobid.com/	1970-01-20 01:09:48	Name: pid_317 Value: 3013619419057261512
.creative-serving.com/	1970-01-20 10:21:19	Name: tuuid Value: 4b34a6c7-fbab-4492-968f-470d650e9ff7
.creative-serving.com/	1970-01-20 10:21:19	Name: c Value: 1645183417
.creative-serving.com/	1970-01-20 10:21:19	Name: tuuid_lu Value: 1645183417
.360yield.com/	1970-01-20 03:09:19	Name: tuuid Value: fe3ba700-583c-4ee9-9916-91caa5e8f51c
.360yield.com/	1970-01-20 03:09:19	Name: tuuid_lu Value: 1645183417
.targeting.unrulymedia.com/	1970-01-20 09:45:19	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-0e137beb-11ac-4db2-afe2-840f62072fba-003%22%7D
.adfarm1.adition.com/	1970-01-20 03:09:19	Name: UserID1 Value: 7066008971948259475
.id5-sync.com/	1970-01-20 00:59:43	Name: cf Value:
.id5-sync.com/	1970-01-20 00:59:43	Name: cip Value:
.id5-sync.com/	1970-01-20 00:59:43	Name: cnac Value:
.id5-sync.com/	1970-01-20 00:59:43	Name: car Value:
.id5-sync.com/	1970-01-20 00:59:43	Name: gdpr Value:
.id5-sync.com/	1970-01-20 00:59:43	Name: callback Value:
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 4e037e36e59a0641
.technoratimedia.com/	1970-01-21 20:47:43	Name: tads_uid Value: GDPR
.servenobid.com/	1970-01-20 01:09:48	Name: pid_321 Value: RX-0e137beb-11ac-4db2-afe2-840f62072fba-003
.smartadserver.com/	1970-01-20 10:25:38	Name: csync Value: 76:CAESEH-tlXcVYL5QJGzucF2aAYI\|116:xxsjDtX6LtV9ha5UvKgj
.casalemedia.com/	1970-01-20 09:45:19	Name: CMRUM3 Value: e6620f81b62760&40620f81b92760no-consent&2e620f81b805a0&2f620f81b72760ljuiJqpp1Nl1mn5&bf620f81b92760246dbb63-14f5-4810-26af8e97&5a620f81b605a0&49620f81b605a0&08620f81b805a00&28620f81b727600784961f-155b-4613-a490-0fddf48b3f81&be620f81b805a0&27620f81b80b40&6f620f81b805a0&33620f81b805a0&0d620f81b805a0&51620f81b82760D60-QwGubBcU_DpDAf4jQAunORwUr2xACqoU5OeV&f1620f81b605a0&ce620f81b805a0&41620f81b805a0&2d620f81b72760CAESEDYmpHoJatiZ7wWXOyZrN8g&82620f81b8a8c0&58620f81b805a0&04620f81b805a0&03620f81b72760d89e620f-81b6-4800-98f1-89cc01062d5d&bc620f81b805a00
.outbrain.com/	1970-01-20 03:09:19	Name: obuid Value: 46620c08-474f-4656-8431-490e0ccdb834
.ipredictive.com/	1970-01-20 09:45:19	Name: cu Value: 378bbfa7-90ad-11ec-bbd0-abe8a0c4b996\|1645183417729
sync.srv.stackadapt.com/	1970-01-20 09:45:19	Name: sa-user-id Value: s%3A0-67657e12-2de9-4a1b-40da-fd12ed63c16b.viS8EvYdiwT8XReK53RMht7AiJX8P%2Bb2SE5pA7MTHSY
.srv.stackadapt.com/	1970-01-20 09:45:19	Name: sa-user-id-v2 Value: s%3AZ2V-Ei3pShtA2v0S7WPBa1LHgic.1Rcf7lUFjzxoYlO1a2e%2BIhfgEctMkugrEiJHYfX6r9o
.liadm.com/	1970-01-20 18:30:55	Name: lidid Value: 50f6434c-7fa5-4b77-990c-ba94bd9149eb
.outbrain.com/	1970-01-20 01:42:55	Name: rtbhs Value: d0ni14mX7zVrowXRBqJJ

26 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686(Line 40) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012202072236000/v0/amp-ad-exit-0.1.mjs Message: Unrecognized feature: 'attribution-reporting'.
javascript	warning	URL: https://threatpost.com/android-malware-flytrap-facebook/168463/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/android-malware-flytrap-facebook/168463/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/android-malware-flytrap-facebook/168463/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/android-malware-flytrap-facebook/168463/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/android-malware-flytrap-facebook/168463/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/android-malware-flytrap-facebook/168463/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/android-malware-flytrap-facebook/168463/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/android-malware-flytrap-facebook/168463/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/android-malware-flytrap-facebook/168463/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/android-malware-flytrap-facebook/168463/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
other	warning	URL: https://cdn.ampproject.org/rtv/012202072236000/v0/amp-ad-exit-0.1.mjs Message: Unrecognized feature: 'attribution-reporting'.
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
network	error	URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
network	error	URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network	error	URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network	error	URL: https://eb2.3lift.com/xuidmid=7976&xuid=s3eipnqfM&dongle=u6nf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://c1.adform.net/serving/cookie/match?party=29&gdpr=1 Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9582686.fls.doubleclick.net
acdn.adnxs.com
ad.360yield.com
ad.mrtnsvr.com
ad.turn.com
ads.adaptv.advertising.com
ads.creative-serving.com
ads.pubmatic.com
ads.servenobid.com
ads.yahoo.com
adservice.google.com
adservice.google.de
analytics.twitter.com
ap.lijit.com
assets.threatpost.com
b1sync.zemanta.com
beacon.lynx.cognitivlabs.com
bh.contextweb.com
bidswitch-eu.splicky.com
btlr.sharethrough.com
c.4dex.io
c.amazon-adsystem.com
c.bing.com
c1.adform.net
c2shb.ssp.yahoo.com
capi.connatix.com
casale-match.dotomi.com
cd.connatix.com
cdn.ampproject.org
cdn.id5-sync.com
cds.connatix.com
ce.lijit.com
cm.everesttech.net
cm.g.doubleclick.net
creativecdn.com
cs.emxdgt.com
dmp.brand-display.com
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
e.serverbid.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fddb3c9496fcaf8b8a980280780c51e3.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
geo.ipify.org
gift-connect-d.openx.net
go.sonobi.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id5-sync.com
imasdk.googleapis.com
img.connatix.com
jadserve.postrelease.com
js-sec.indexww.com
kaspersky.d3.sc.omtrdc.net
kaspersky.demdex.net
kasperskycontenthub.com
lit.connatix.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
media.kaspersky.com
media.threatpost.com
mp.4dex.io
mug.criteo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.33across.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.a-mo.net
public.servenobid.com
px.ads.linkedin.com
px4.ads.linkedin.com
qd.admetricspro.com
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.gumgum.com
rtb.openx.net
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
snap.licdn.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.ads-twitter.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.adotmob.com
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.serverbid.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
t.co
tag.1rx.io
tagan.adlightning.com
teachingaids-d.openx.net
tg.socdm.com
threatpost.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
um.simpli.fi
um2.eqads.com
ups.analytics.yahoo.com
us-u.openx.net
vid.connatix.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
x.bidswitch.net
sync.go.sonobi.com
104.244.42.195
104.244.42.5
104.89.31.187
104.90.192.27
104.92.74.8
108.156.255.177
108.157.4.43
108.174.10.24
13.36.218.177
141.95.3.10
142.250.185.162
142.250.185.66
142.250.186.134
142.250.74.194
147.75.38.124
15.197.193.217
150.136.156.92
151.101.12.157
151.101.193.108
151.101.194.137
151.101.66.137
151.101.66.49
157.90.167.185
169.197.150.8
169.50.137.184
178.128.135.80
178.162.133.148
178.250.2.146
18.157.232.7
18.191.54.29
18.192.161.141
18.192.29.118
18.193.253.133
18.195.155.181
18.196.175.109
184.31.84.150
185.183.112.148
185.184.8.65
185.29.132.245
185.33.221.53
185.86.137.131
185.86.138.120
193.0.160.129
198.148.27.140
2.21.141.175
2.21.141.232
2001:678:cb4:bbbb::11
202.241.208.56
204.237.133.116
205.185.216.42
213.19.147.42
213.19.147.44
216.52.2.19
2600:1f18:444a:4602:2c20:3113:5c28:1366
2600:9000:2204:8e00:0:5c46:4f40:93a1
2600:9000:2315:3a00:2:9275:3d40:93a1
2600:9000:2315:be00:6:44e3:f8c0:93a1
2602:803:c003:200::61
2606:4700:20::681a:9a9
2606:4700:3031::6815:456d
2606:4700::6812:272
2620:116:800d:21:f916:5049:f87f:108e
2620:1ec:21::14
2620:1ec:bdf::69
2620:1ec:c11::200
2a00:1288:80:807::2
2a00:1450:4001:800::2003
2a00:1450:4001:802::2001
2a00:1450:4001:803::2002
2a00:1450:4001:809::2001
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::2006
2a00:1450:4001:810::2002
2a00:1450:4001:810::2003
2a00:1450:4001:810::200a
2a00:1450:4001:811::200e
2a00:1450:4001:813::2008
2a00:1450:4001:828::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:82b::200a
2a00:1450:4001:830::2003
2a00:1450:4001:831::2002
2a00:1450:400c:c0c::9b
2a02:2638:1::13
2a02:26f0:fb::5f65:58e0
2a02:fa8:8806:13::1400
2a05:d018:d29:3601:48c:2850:f91f:4df0
3.126.56.137
3.230.28.223
34.102.163.6
34.111.151.213
34.249.135.188
34.253.111.207
34.95.81.22
34.98.64.218
35.157.246.167
35.158.233.132
35.172.159.73
35.173.160.135
35.186.253.211
35.244.159.8
37.157.6.245
37.252.172.36
46.105.202.126
51.89.9.252
52.200.181.105
52.204.231.109
52.214.183.42
52.29.1.115
52.30.16.91
52.46.154.242
52.51.88.158
52.72.71.171
52.87.64.174
54.226.209.67
54.77.66.11
64.140.160.2
64.202.112.31
66.155.71.150
67.202.105.24
69.173.144.138
69.173.144.139
69.173.151.100
70.42.32.255
72.251.249.13
76.223.111.18
77.74.178.23
85.114.159.93
0055b9d0429e9c194b4aa6b5f49cbc2ec31a7220ee7c8c186a9ee951feabd482
01cbde0b7af9d24846e432af7a367d43542f5907c9fbd633c4abc7b2abc6b6f9
028779a4efd8cea0e6e45d0cf991eda01e8411d4a4720e0b3af92a9e522c0862
028d72fa8235aee5441587e7caeabfe643e910177332b5c1dc4017df6c38d899
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77
04e6fb814fccce3a0aecb83be0bc24665cf3e6a5e993f296471a63708f63e138
0531cbff4ff713c5c6957d065e9fb792b1d4026709882b65a30db6e8924e3f27
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
09f665e99087637ce66b927fa72f6035c3014a1e72fec17af988ecebd27424da
09fba596f1ba572cf4b3ceb9c1f3962d1b75bbb4a6d6d7707f1f93e2fe889aee
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0dd28e2ba4df409b619643afbbb1c6e8976aa1ddef9904f8570a8cf8b911f05e
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
105c4847c1ee303eb1bc8a23772f3dac937de5640893b05064fa11ef32a5d4d0
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1532ef7bb6fb24671a019d2473dd3ce728b38424dce787d2b53df3ebf433348b
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19d68d8c9b0afec111ca934d319c454fe9d57234d8915b2d837e36d54410ddf7
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2
1d5a65e5129df0b4c89e73f205c6cb89cba0cd1d8e21a1512ca76b769634052d
1e5604302ed0aba3f3c3236428f33dea20764365b2b577876d5beb3bf1ed5a38
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1ee8e0976dd2573237ad94a3e213715084ddec16b20e77c8e43de5e89f9ef052
1fd881c2cb205556cf1c8618e6211fd29c73c6079b19a2f394010b636a6afbd7
258ffeacbc4bcbdfc6667236a43d770a6236f18ff39700f37a4c64e92850d72a
293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55
2daa3e6def3ddccfe12952bab41eb6808d13f0a654e150e055a3ecd57d5f0d1a
2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
332dd9d8872171a7ce122129c088ef587eb876ee04f178f5e62310dff3747514
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
33d3d10db1f802de01a8c723eccd47d30168dc35dc2c2f83df435f7fd02515ac
34a08f0a216666bb9324df858aa864002949be3947ac98eac0178ba5cb456624
34ddb17fa5ce3277bc2c28f8baf901a219c50a7808feee12fe23f2a2a69961e4
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36ad3fdc65f000a564433c6f57cb1ed99c93e3ba1c9868e3a6b157cb9ba12015
36cb220dfd5dd69df08aa26e8b90a191e9129581fb2f2794a9c6b491f18097da
372ddb86deaa3e11e5a4b1eec16924bcd6e6232bc8bab79338426b2faff7e7dd
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3ce7a0096e3d516c753805cd71be3c8fb9b71e412e88436f1711aeaf1ee09a52
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3dcc69c89f8421a30c4e63cf2c31dfac51d3bd83531a65bb69dd1ab337985187
3f7f1965d582fc469657ef5c1b6b4b03641de6d2b173c9a922889afd99eb8c69
3fbd12ca4b018ce72483eb536b1bb4f8cd60375d0615ceca59aeab7733660557
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
4333cdc0f2778c7b75c6aed9e4395bb5ae66fd6877116200b696c6a127a535a0
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4530055a32b5a1a639311d7be5e6abb79ba772acae1410f9f9feffdc297721dc
45dbe6ed06e67c681b9030a9a31ae3adfe8eb0b908b560275176c0385a21a1b5
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4617037532b91c9cd3964a0034cf78db1227aa55418843428218d5520542f468
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd
46bae92b50647e11665bd7d647cb80f5e3e6f35c9f594240a3dd2875c6323aac
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4c2b689d8c9ab22ad93bcac186be8995ed48b2c44843b3dacd8122c7ff58f70a
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf
4fddec1cb13ee6848cce386a733d405fff2be9ab4d904f55a1d15c7cc84f410d
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54cc8fe392a032ef560b174b35be3b13b7666d3c6fa2c040cc69c2a696cfb5f6
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53
5ba94c61118a70077951bde27fcede0bbe1823dde00b3ad1a762d6524c76561d
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5dfa305bee09222800ad4e865449d0443a8f8fcdda03a539e34f39a11c97073b
5e1131c4691e17e8091087441f3c3628221f88fad26e9afbf2eaec92bcab90f3
5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505
60c82cc49189d9e954bbe81489de19e7709945e1e39dba368b7dda3c65f8157d
60d76e5d3d47c3f67063f6ad8c4c19906031164734d901e60a8842d0a292a1cd
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
63994fd10900d2ffe18742b1effd509a48f610f086c4676bb974256c1aca256f
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea
652931d254f2c9179dc76bf35e289f397d9be597683abb1c2bd7e3afc81d3802
65d70424eb7b0fe1d3fefe328ee059a245e27b6c3529f3e06d55e5cdb6c0e6b1
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
682dbab9b4fd239f3ea86adf3a719d2c12d1e91b3177e2b29a46011421bbcb32
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32
6f1424816e4caaa13b40a557235e6793eb119f067176f610c048b564e2cf80ed
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
75d00d9deffe5417131ea0a704064a1e7abdfbf4a3f9bd0199db30e2b583b378
76ea450db2099f1a3ab0b0da7dd79986e261fbcf2d28f793481435c0ba1995b8
7799a24b36df8ca458437017ec20e122865e15b53bd045f5ae13e29b6c979366
784acd540b5fcfb87c47dfe12e5311084ce692366a2ac196fd5cc8eb28ff4c23
78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c
791d0c0be3734eea808347aac97f11bc4578adf6f2cc1d6e96704f97410a0350
79bea26931ecbecfd662db5498c3b7e24998fd978eeb49dfa9afe9c23afba020
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80ec9a168d8a9b22d56319fe00eb3751f41c3e30ae7e7aa8517d725f9d8bb648
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83cb00efb28dae0d48d424f3e49dcbb55838bc27a22c861f2c6bcb8e5ca99f73
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84e33f3644eb20f9e37274005911250ced9c5ef3c5751de8860ea5e0ce2b88f6
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a4e9deb8631be1ea8979f663a384020292660091154296740b96b3e4b049ef9
8c7d88a033834364e0d4ffb7b16756d11c59d407bb7df56e52488d92dbc0f79c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
8df4991f8b97c1d03d5df55b10a0e18793bbca873202a0b2663daecfd9c6d024
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854
8f86626ac89367faab639e291a1d576d01946aae72c561333d0355db2c38cb99
902b402dbc78046ab83bd270acae784ec3bb3cf4867fd01eff09c7b434002f3f
920de30611ab77e0d3da21e06a9f1c9b41f80d1bae5eb736a627fda70e133918
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0
936077d9065d9288f1173f7ee01b38e296ee7e73ec36f014d0ee536c6334d568
93b1f78578f169d4f472ecda3c79d72e81fa9e199bdb979d13139f5ddbe5a06d
953594081f1e67543303a535e9cbe693b6002519dae3fb5e6baf0a9ac2b1350a
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a4ca833d7091b5cd12c2d96cc42db6bc8697137bdae501ec97d209b2cab28bc
9cfeab3fd93c5848f2e9bd2a7cef3fb03c911e0fcf85ee4adf2f0d8e5b37ee85
9e07972576092aeba94d2dbd48c39a726bb83ebd0a367c599ae573c36d987387
9eefc4df7a8039f027e36034251662824c66af32cd42470fb332eb92a5051d91
a034073242b63a4bf8f20744f8cb4b4bb74e17464ecf7da2c2a001b082d5d3e8
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a50761af47976acf2a9b1ed88cff6727c6c0fa4a18c2806a26f108c5268b4c1f
a72a21b9538813d5fe0ebcef104db4dc64c86abab90142e42b58a74dda2a01c8
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a81d6ceec73e5d12e7f2dd8dd4af902586810c5f05b0a1e2555be927c64ed36e
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ac63716a755cb58f9930d686c3e7fe419c1e6edbb8a50e4d6c9c4fda57ef6ce6
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
af42f8a986eefec222a68474cc9c9591028b07b082157631d810ecbbf4a652fe
afd5cc9a76644dae1f7c9fd64675c4b970aafeff1601ee5cfa7eb541c9afa955
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55
b236dccee1a0d5280842bdff52b4005e2b0c9ee5d74a15db3e939c53306576d3
b2be504ec244c4ed1e10f612915e61df53588b37c019eaba4b61b39902b20d87
b5a539f5fce43c8db39077c775a305cb9d7ec9957bc47163aa99304f4b97cff6
b77a51d96d3c04bffbe48e73edd813c0edde1cf5dd4c69369bef16ea85d2c723
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bbf0f22dc22a14a6f5c34e3831a0a3c50fc831e581193649087ce2e45f597b21
bbfd30e5fd2bd475d319b5b55ab61469966d1517b703f9bd830a6f3207387c27
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
bf92c33733f79c7bdbbdb4f7124333ad107d19dae52c9192dd6b82fecaae1df3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb0a1ac121b8aa9b8e2912768985ee6341cdd33d4c7b4db39052731d4b5248e2
cb622a397487e9ad48b8c2510c760b7d397bc1ad32ea789a67cc0553a37ff5ee
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865
cf161bca2c3145fc59078afbd1cd4ebc269a74ed8c84ab5fbe4507ead463570b
cfe17dac729d86766edbf39989aa71d80b5785df98fd78260d731126ced90867
d03ffe1a8b8c09f53f2c29965b9a2101ef73f481a449f9bf7992d49368955a8e
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d3ef00ccf0d1329768a9546012c96ecb5ac031695b0418da9ae3297979ad60bb
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
d8f8d23dfc7907b2dca67d8fac62bbcd76e32af26ceb3fbaf5d8e0430b8b9ad4
d9d82efa1ccb8bb290386e6f2e3da0add4b65373e20c08f3d1b3da6ffe661037
da9eff01d8b269dd36dc5ca6bac19dda13d08374c2c5a3de463ba6f09012d7c2
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dceda745a0fb58233a95eff6d10796026df6792cb960cdf675eb7b8a6750a2d2
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e0b1b548d94a8015d0a9089f0b23d81dcdafbecb80676b517d3149eefe6b023e
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ea9d18772f81b64d864444c5172af8f0c435ad6b13065fcb64a6740c617e95a8
eaab7ac52e61000702f11b9c93e0119bc833defca22e21bc39f98d9e405e6a13
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ed3a21237e42a2314bb0acd2fea8c013d634d7f55bfdba4867776b88bce4da4a
edc988f9162131dfa6d20d122013987468254662e7cdbc7565c39a5789edb6ca
ee5a08bd131cbf0d71690591146c68b28eb4ec0c71393aceb61cb0d6c86b5eca
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206
f417395bfa081a6a430827301cffda77f939f95be5f69ac1e58e04080f7684a3
f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea
f6d7bf2066b27d0e65d670f2ea6ab9cf75a6aa61d401e41803ee80d5a1c0fab8
f6f0900eef565283696a8c6218c9f798cced7463c5712a25a7bbabb9fd047c65
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
f8d1cad2cb8a75bb0d0cc7cbf0c7d0f229baaec7a2051f25e9e537e95867f0b6
f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b
fbcaa1021864cc0e13abab66c1fffe408dad6b29ecec54e44c16a87eb787691d
fdcb43edde19e9c27b72b5cd1cd912e10e313b7fff62fc4cd609c48ba3b4ef23
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3
ffc2331ab7409258033256434bd0b89a133c98edd6a5da42b6c2d318743792de

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

458 Requests

83 %HTTPS

28 %IPv6

90 Domains

148 Subdomains

104 IPs

11 Countries

6331 kBTransfer

14086 kBSize

122 Cookies

15 Outgoing links

Redirected requests

458 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

458
Requests

83 %
HTTPS

28 %
IPv6

90
Domains

148
Subdomains

104
IPs

11
Countries

6331 kB
Transfer

14086 kB
Size

122
Cookies

458 HTTP transactions
4 data transactions