www.threatminer.org Open in urlscan Pro
2606:4700:20::681a:eeb Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Submission: On August 31 via api (August 31st 2022, 1:14:26 pm UTC) from DE — Scanned from DE

Summary HTTP 274 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 43 IPs in 3 countries across 27 domains to perform 274 HTTP transactions. The main IP is 2606:4700:20::681a:eeb, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.threatminer.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 28th 2022. Valid for: a year.

This is the only time www.threatminer.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
27	2606:4700:20:... 2606:4700:20::681a:eeb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
17	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1 1	2606:4700:10:... 2606:4700:10::6814:9710	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac43:73f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	172.66.41.9 172.66.41.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
4	199.232.192.134 199.232.192.134	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
12	2600:9000:21f... 2600:9000:21f3:ca00:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	151.101.128.134 151.101.128.134	54113 (FASTLY) (FASTLY)
4	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
3 9	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
4	199.232.192.64 199.232.192.64	54113 (FASTLY) (FASTLY)
2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
24	151.101.65.44 151.101.65.44	54113 (FASTLY) (FASTLY)
2	13.225.78.39 13.225.78.39	16509 (AMAZON-02) (AMAZON-02)
39	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
1	199.232.198.49 199.232.198.49	54113 (FASTLY) (FASTLY)
15	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:a40d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:32::3	15169 (GOOGLE) (GOOGLE)
1	74.125.71.154 74.125.71.154	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:11::8	15169 (GOOGLE) (GOOGLE)
1	70.42.32.191 70.42.32.191	13789 (INTERNAP-...) (INTERNAP-BLK3)
1	151.101.114.132 151.101.114.132	54113 (FASTLY) (FASTLY)
1	2606:2800:233... 2606:2800:233:8173:898f:63b3:95c3:79d2	15133 (EDGECAST) (EDGECAST)
3	104.244.43.131 104.244.43.131	54113 (FASTLY) (FASTLY)
2	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
1 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
7	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
3	2600:1f18:612... 2600:1f18:612b:4216:bf1f:4380:1bf2:c0ae	14618 (AMAZON-AES) (AMAZON-AES)
3	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
4 4	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
1	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
274	43

27 2606:4700:20::681a:eeb (United States)

ASN13335 (CLOUDFLARENET, US)

www.threatminer.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:9710 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

i.creativecommons.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:73f (United States)

ASN13335 (CLOUDFLARENET, US)

licensebuttons.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.66.41.9 (United States)

ASN13335 (CLOUDFLARENET, US)

resources.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
router.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rt3047.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.232.192.134 (United States)

ASN54113 (FASTLY, US)

threatminer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:9000:21f3:ca00:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.128.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.232.192.64 (United States)

ASN54113 (FASTLY, US)

tempest.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
links.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 151.101.65.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imprammp.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wf.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidstatb.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.78.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-39.fra2.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.198.49 (United States)

ASN54113 (FASTLY, US)

a.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:a40d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::3 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.71.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wn-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:11::8 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r3---sn-4g5lznez.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.191 (United States)

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

b1t-nydc1.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.132 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

zem.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:8173:898f:63b3:95c3:79d2 (United States)

ASN15133 (EDGECAST, US)

abs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.43.131 (United States)

ASN54113 (FASTLY, US)

abs-0.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

am-match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-vid-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f18:612b:4216:bf1f:4380:1bf2:c0ae (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

taboola-supply-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.125 (Amsterdam, Netherlands) 4 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.44 (United States)

ASN54113 (FASTLY, US)

vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 112 tpc.googlesyndication.com — Cisco Umbrella Rank: 145	767 KB
32	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 971 trc.taboola.com — Cisco Umbrella Rank: 705 vidstat.taboola.com — Cisco Umbrella Rank: 2376 images.taboola.com — Cisco Umbrella Rank: 1704 imprammp.taboola.com — Cisco Umbrella Rank: 13248 am-match.taboola.com — Cisco Umbrella Rank: 13000 wf.taboola.com — Cisco Umbrella Rank: 2542 am-vid-events.taboola.com — Cisco Umbrella Rank: 12269 sync-t1.taboola.com — Cisco Umbrella Rank: 1253 vidstatb.taboola.com — Cisco Umbrella Rank: 4320	668 KB
27	threatminer.org www.threatminer.org	1 MB
23	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 bid.g.doubleclick.net — Cisco Umbrella Rank: 478	257 KB
21	twitter.com platform.twitter.com — Cisco Umbrella Rank: 700 syndication.twitter.com — Cisco Umbrella Rank: 963	796 KB
17	gstatic.com www.gstatic.com csi.gstatic.com fonts.gstatic.com	196 KB
17	google.com 3 redirects cse.google.com — Cisco Umbrella Rank: 2360 www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 78 clients1.google.com — Cisco Umbrella Rank: 399	225 KB
13	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 4406 a.disquscdn.com — Cisco Umbrella Rank: 8534	542 KB
12	disqus.com threatminer.disqus.com disqus.com — Cisco Umbrella Rank: 1571 tempest.services.disqus.com — Cisco Umbrella Rank: 13876 referrer.disqus.com — Cisco Umbrella Rank: 6477 reporting.services.disqus.com Failed links.services.disqus.com — Cisco Umbrella Rank: 13185	77 KB
10	googleapis.com www.googleapis.com — Cisco Umbrella Rank: 36 fonts.googleapis.com — Cisco Umbrella Rank: 43 imasdk.googleapis.com — Cisco Umbrella Rank: 424	133 KB
10	infolinks.com resources.infolinks.com — Cisco Umbrella Rank: 7167 router.infolinks.com — Cisco Umbrella Rank: 2644 rt3047.infolinks.com — Cisco Umbrella Rank: 68249	150 KB
6	twimg.com abs.twimg.com — Cisco Umbrella Rank: 1791 abs-0.twimg.com — Cisco Umbrella Rank: 2150 pbs.twimg.com — Cisco Umbrella Rank: 703	23 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 192	263 KB
4	spotxchange.com 4 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 526	3 KB
4	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 264 gcdn.2mdn.net — Cisco Umbrella Rank: 933 r3---sn-4g5lznez.c.2mdn.net — Cisco Umbrella Rank: 329447	38 KB
3	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 336	793 B
3	tremorhub.com taboola-supply-partners.tremorhub.com — Cisco Umbrella Rank: 3196	547 B
2	tapad.com 1 redirects pixel.tapad.com — Cisco Umbrella Rank: 438	609 B
2	viglink.com cdn.viglink.com — Cisco Umbrella Rank: 7436	457 B
2	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 152	2 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 9270	914 B
2	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 872	852 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
1	outbrainimg.com zem.outbrainimg.com — Cisco Umbrella Rank: 2426	7 KB
1	zemanta.com b1t-nydc1.zemanta.com — Cisco Umbrella Rank: 4199	127 B
1	licensebuttons.net licensebuttons.net — Cisco Umbrella Rank: 23150	739 B
1	creativecommons.org 1 redirects i.creativecommons.org — Cisco Umbrella Rank: 25172	241 B
274	27

	Domain	Requested by
39	tpc.googlesyndication.com	www.threatminer.org googleads.g.doubleclick.net tpc.googlesyndication.com imasdk.googleapis.com pagead2.googlesyndication.com
27	www.threatminer.org	www.threatminer.org
22	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.threatminer.org googleads.g.doubleclick.net
20	pagead2.googlesyndication.com	www.threatminer.org pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
17	platform.twitter.com	www.threatminer.org platform.twitter.com syndication.twitter.com
12	c.disquscdn.com	threatminer.disqus.com disqus.com c.disquscdn.com
11	images.taboola.com	www.threatminer.org
9	www.gstatic.com	googleads.g.doubleclick.net
9	www.google.com	3 redirects cse.google.com www.google.com www.threatminer.org tpc.googlesyndication.com
7	fonts.googleapis.com	googleads.g.doubleclick.net
6	fonts.gstatic.com	fonts.googleapis.com
6	www.googletagservices.com	googleads.g.doubleclick.net
5	cdn.taboola.com	www.threatminer.org cdn.taboola.com
5	cse.google.com	www.threatminer.org www.google.com cse.google.com
4	sync.search.spotxchange.com	4 redirects
4	vidstat.taboola.com	cdn.taboola.com vidstat.taboola.com
4	syndication.twitter.com	platform.twitter.com www.threatminer.org syndication.twitter.com
4	disqus.com	threatminer.disqus.com c.disquscdn.com
4	resources.infolinks.com	www.threatminer.org resources.infolinks.com
3	sync-t1.taboola.com	imprammp.taboola.com am-match.taboola.com
3	match.adsrvr.org	imprammp.taboola.com am-match.taboola.com
3	taboola-supply-partners.tremorhub.com	imprammp.taboola.com am-match.taboola.com
3	abs-0.twimg.com	syndication.twitter.com
3	links.services.disqus.com	c.disquscdn.com www.threatminer.org
3	rt3047.infolinks.com	resources.infolinks.com www.threatminer.org
3	referrer.disqus.com	www.threatminer.org
3	router.infolinks.com	resources.infolinks.com
2	am-vid-events.taboola.com
2	am-match.taboola.com	vidstat.taboola.com
2	pixel.tapad.com	1 redirects resources.infolinks.com
2	pbs.twimg.com	syndication.twitter.com
2	r3---sn-4g5lznez.c.2mdn.net	www.threatminer.org
2	csi.gstatic.com	imasdk.googleapis.com
2	cdn.viglink.com	www.threatminer.org
2	imasdk.googleapis.com	googleads.g.doubleclick.net
2	trc.taboola.com	cdn.taboola.com
2	sb.scorecardresearch.com	cdn.taboola.com www.threatminer.org
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	partner.googleadservices.com	pagead2.googlesyndication.com cse.google.com
2	www.google-analytics.com	www.threatminer.org www.google-analytics.com
1	vidstatb.taboola.com
1	wf.taboola.com	vidstat.taboola.com
1	imprammp.taboola.com	vidstat.taboola.com
1	abs.twimg.com	platform.twitter.com
1	zem.outbrainimg.com	www.threatminer.org
1	b1t-nydc1.zemanta.com	www.threatminer.org
1	gcdn.2mdn.net	1 redirects
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	s0.2mdn.net	tpc.googlesyndication.com
1	a.disquscdn.com	www.threatminer.org
1	clients1.google.com	www.threatminer.org
1	www.googleapis.com	www.threatminer.org
1	tempest.services.disqus.com	threatminer.disqus.com
1	threatminer.disqus.com	www.threatminer.org
1	licensebuttons.net	www.threatminer.org
1	i.creativecommons.org	1 redirects
0	reporting.services.disqus.com Failed	www.threatminer.org
274	58

This site contains links to these domains. Also see Links.

Domain
medium.com
twitter.com
github.com
www.linkedin.com
www.google.com
cse.google.com
www.virustotal.com
www.hybrid-analysis.com
virusshare.com
creativecommons.org

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-28` - `2023-05-28`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-20` - `2023-04-20`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
a.disquscdn.com Amazon	`2021-10-31` - `2022-11-28`	a year	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.services.disqus.com GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-01-31` - `2023-03-04`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.disquscdn.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2022-01-03` - `2023-02-04`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
ssl1029306.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2022-06-01` - `2022-12-08`	6 months	crt.sh
*.zemanta.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-16` - `2023-09-06`	a year	crt.sh
*.outbrainimg.com R3	`2022-08-05` - `2022-11-03`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2022-08-23` - `2022-11-01`	2 months	crt.sh
*.tremorhub.com Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh

This page contains 36 frames:

Primary Page: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Frame ID: AA1BB2F069B8D6E84D09C703505033E4
Requests: 81 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html?origin=https%3A%2F%2Fwww.threatminer.org
Frame ID: 9E6B8D8A4D6CA60EC58C32183F727280
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20190131/zrt_lookup.html
Frame ID: B8F3DE2BC507E3B896C72A7340CD9457
Requests: 1 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed
Frame ID: CE5915FD33B5D7CA2E4105939D574696
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_d=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
Frame ID: 1BD7010133DF398AEBB60DF72127B9E9
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1661951657&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657581&bpp=5&bdt=441&idt=259&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&correlator=1586759193417&frm=20&pv=2&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gfdajWiWZm&p=https%3A//www.threatminer.org&dtd=283
Frame ID: C1BE0B9A3B65402C729D0FDDF90E51DD
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1661951657&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657586&bpp=2&bdt=446&idt=288&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3lIW2ZhTL0&p=https%3A//www.threatminer.org&dtd=297
Frame ID: 3E97844FD6BE8E64B5C3B2F973CBB0ED
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657588&bpp=2&bdt=448&idt=300&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=rTcnpMJugi&p=https%3A//www.threatminer.org&dtd=304
Frame ID: A1C8AAE1D2DAD99D8D3DFE0F372E3E78
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657590&bpp=1&bdt=449&idt=306&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=LozPu9Dnbs&p=https%3A//www.threatminer.org&dtd=312
Frame ID: 10EB5143C7D2A60EC290C105680A9451
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657591&bpp=2&bdt=451&idt=314&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2523&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=elDDdbOemD&p=https%3A//www.threatminer.org&dtd=317
Frame ID: DF6AC505B8EF8F6CA8D98B5F151210A3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657593&bpp=1&bdt=453&idt=319&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=3963&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=SniEnRQQlf&p=https%3A//www.threatminer.org&dtd=323
Frame ID: CB0375A5613C1AFE71D14DF600FA9C96
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1661951657&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657595&bpp=2&bdt=455&idt=323&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=4318&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=pguM8gqM7h&p=https%3A//www.threatminer.org&dtd=329
Frame ID: 156A3A21C25BFC5D986C8D3BA6AEFE2F
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&adk=1812271804&adf=3025194257&lmt=1661951657&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657617&bpp=2&bdt=477&idt=311&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200%2C1182x591&nras=1&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=8&uci=a!8&fsb=1&dtd=318
Frame ID: 783F0CB02EA555C2F1C07B785FA9FA85
Requests: 1 HTTP requests in this frame

Frame: https://reporting.services.disqus.com/_log/taboola?placement=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22top%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&is_taboola_named=false&language=en&colorscheme=light&typeface=sans-serif&variant=fallthrough&forum_id=5993718&source_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&organization_id=4448595&taboola_publisher_name=disqus-widget-safetylevel20longtail09&experiment=network_default&mode=thumbnails-a&position=top&shortname=threatminer&referrer_url=https%3A%2F%2Fwww.threatminer.org%2F&canonical_url&q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&1661951658013
Frame ID: ABF86F2C2ECE738A47FC382A76CA4874
Requests: 29 HTTP requests in this frame

Frame: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&frame=false&lang=en&maxHeight=500&origin=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&sessionId=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c&showHeader=true&showReplies=false&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609
Frame ID: 85D00CF923279A90D39645149C2EECBA
Requests: 22 HTTP requests in this frame

Frame: https://cse.google.com/cse_v2/ads?adsafe=high&pcsa=true&cx=414385693720d4156&client=google-coop&q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&r=m&hl=de&type=0&oe=UTF-8&ie=UTF-8&fexp=20606%2C17300953%2C17300955%2C17301015%2C17301017%2C17301094%2C17301096&format=p4&ad=p4&nocache=4531661951658091&num=0&output=uds_ads_only&source=gcsc&v=3&bsl=10&pac=0&u_his=2&u_tz=0&dt=1661951658093&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=5185&frm=0&uio=-&qup=1&jsid=csa&jsv=469225491&rurl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&adbw=master-1%3A271
Frame ID: 800527C724868EA629E9D27E1F9496BD
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/index.html
Frame ID: 6162E7CA5604476BA1B372B28D5D35AD
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CH_tEqV4PY5H8PO_K0_wPp-OukAvH-ez5avSE57-7DrLmwZCuKhABINWzrm1gldqIgpgHoAHdrtvqAsgBCakCpo5-uJ80eT6oAwHIA0iqBOkBT9C0Ux4O7MDyDosM9v1mYCk_sCGrUhiz-fuqH4gd8QYbriYVnMRSsBu476b14fFsa5tCjG2QJxwwvcLsmYNQyteTSpUShyfOYIwg6psfDqNxWHtpDnON838gC6Li2O-mWbnGLn6uu3-FycUdJIHcWA3O8mjTvfCj1T9G3nD_ahMrHy_rA70H4nJmBSRMWkmLp_CWhAOhH-azqTRk8iCckxkhz9NBsquaGGGJwR4wG-m4-iF2EqJtdAaAzMPUZXOv0lHv4xerbzeXwCtA7z-X1tSdPPnFbBnm7IXxBaGhUieD-d8kHD-5jsDABPq9jIXOA5IFBAgEGAGSBQQIBRgEoAYugAeL0aSVAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEJOjA9IIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsBogwIKgYKBM-nsQLYEw3QFQGAFwGyFxwKGggAEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=xPSxTFTBH_k&uach_m=[UACH]&template_id=419
Frame ID: 5A3D7F7FAB540FF6B0F6C8FB3455BFA0
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 78F336EEB8966C2681C825B7C96ABB82
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F6649C9D5AF7C2A75B41E761638DCA1D
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js
Frame ID: 26F74D0125D0873B27EF1C22C48ADC4F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js
Frame ID: 1CC97C6A96AAFE0AFC15C31278DDDD6D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 120C36B43A1F4760D6DFB35CFBF547F2
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js
Frame ID: 410EEA1D14BAEFB06B88D9AC60B97FA5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1
Frame ID: E7FD7B2260637D82EAC4E6BA382C7860
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1
Frame ID: 1BF283EB07F4DF05371D1C3754B07A6D
Requests: 8 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: DA65CD06FB636F026DD07FAFF8D5E1BA
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 088E2BDE1380D9D765AD2E14DE735E50
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js
Frame ID: 94ED07BFAF9550FF6008B668BDDC4881
Requests: 1 HTTP requests in this frame

Frame: https://resources.infolinks.com/static/container-1.0.html
Frame ID: 1FD5BD266DD0680DA90D040D03A8A084
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js
Frame ID: 638C96E8FB81BE4B2CE96C0241583698
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 281FE9289F0A4C5B44B6F06D74DB16A8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 91B8F167D0785975505206BE3CEFA574
Requests: 2 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&cmcv=&pix=undefined&cb=1661951661149&uv=3221&tms=1661951661149&abt=adh5c-1_vA!adh5c_vA!inc_all_video_vA!Noappq22_vC!t45!ufm&ru=https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&ft=1&unm=WIDGET_ITEM&aure=false&agl=1&cirid=e0b0a275-c395-4536-9c17-7804be777fd4&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Frame ID: CAAE360088EA07DDED5853819DB9D809
Requests: 4 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&excid=22&docw=0&cijs=1&nlb=false
Frame ID: 141ED58194BF4D38E556CB9E0C113F12
Requests: 4 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&excid=22&docw=0&cijs=1&nlb=false
Frame ID: E18A55367315308B5FC72687F0FD45C3
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

4bc695cf6e9f1cd4a4d7dc118edfa9ed Malware Analysis Results | ThreatMiner.orgsuchensuchen

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

DataTables (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

dataTables.*\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

274
Requests

97 %
HTTPS

59 %
IPv6

27
Domains

58
Subdomains

43
IPs

3
Countries

5261 kB
Transfer

15336 kB
Size

15
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/@threatminer
Title: Blog

Search URL Search Domain Scan URL

URL: https://twitter.com/ThreatMiner
Title: Tweets by ThreatMiner

Search URL Search Domain Scan URL

URL: http://github.com/threatminer
Title: ThreatMiner Github Github.com/threatminer

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatminer/
Title: Follow Threatminer on LinkedIn Linkedin.com/company/threatminer/

Search URL Search Domain Scan URL

URL: https://www.google.com/search?client=ms-google-coop&q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&cx=414385693720d4156
Title: suchenAuf Google nach "4bc695cf6e9f1cd4a4d7dc118edfa9ed" suchen

Search URL Search Domain Scan URL

URL: https://cse.google.com/?ref=b&hl=de

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/bfcee1554decc264a2cf4a614f01880fb662c3f255f3821263dbda84e71fccc6/analysis/
Title: VirusTotal

Search URL Search Domain Scan URL

URL: https://www.hybrid-analysis.com/sample/bfcee1554decc264a2cf4a614f01880fb662c3f255f3821263dbda84e71fccc6
Title: Hybrid-Analysis

Search URL Search Domain Scan URL

URL: https://virusshare.com/
Title: VirusShare

Search URL Search Domain Scan URL

URL: http://creativecommons.org/licenses/by/4.0/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://i.creativecommons.org/l/by/4.0/80x15.png HTTP 301
https://licensebuttons.net/l/by/4.0/80x15.png

Request Chain 172

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 176

https://gcdn.2mdn.net/videoplayback/id/7a19311de55a1d60/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1693487659/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/21099E9815B2E8FB8C7DD0B6D26BA373DA6036CB.6BCE90ADDE372B70C6A2E505ED7E0B33518BD20C/key/ck2/file/file.mp4 HTTP 302
https://r3---sn-4g5lznez.c.2mdn.net/videoplayback/id/7a19311de55a1d60/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1693487659/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/08E80288A8C2ED6FE41FBF7673BD51BE1CB65B5F.10A1A963B2E26D6112EA1A93D73CA8B99E466141/key/cms1/cms_redirect/yes/mh/3l/mip/2001:1b60:2:240:3247::10/mm/42/mn/sn-4g5lznez/ms/onc/mt/1661950229/mv/u/mvi/3/pl/29/file/file.mp4

Request Chain 189

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 251

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 255

https://pixel.tapad.com/idsync/ex/receive?partner_device_id=85767262-e13f-4614-a7e9-fcc88de9a818=&partner_id=3337 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_device_id=85767262-e13f-4614-a7e9-fcc88de9a818=&partner_id=3337

Request Chain 267

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP 302
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=d38e061a-292e-11ed-8650-1348667f0106 HTTP 302
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d38e05e2-292e-11ed-8650-1348667f0106&orig=video&us_privacy=1---gdpr=1&

Request Chain 277

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP 302
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d38e05e2-292e-11ed-8650-1348667f0106&orig=video&us_privacy=1---gdpr=1&

Request Chain 280

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP 302
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d38e05e2-292e-11ed-8650-1348667f0106&orig=video&us_privacy=1---gdpr=1&

274 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request sample.php Show response
www.threatminer.org/ 30 KB
8 KB 133ms
69ms Document
text/html 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa26c8bbb26abb9718c7ca1c13f3929589012b8dc67d817e51ed9ff53f8453d7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 74360740bd288fe8-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 13:14:17 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4oTU4dI9Hx3n%2F2xFVZ9aMWWuUn7PY%2FUmpzUOQjHvkSnarIXa90%2FfOqTS%2FKKBRNtIHdLyQtIki2OhUP8a%2BpqdqeG2leQHy8mTTg9MFUSVq%2FBb0OufWglUOuOJeGPEyRTpXDQ7UQBYV3RDZe89KGRf1FA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 bootstrap.min.css
www.threatminer.org/bower_components/bootstrap/dist/css/ 115 KB
20 KB 34ms
31ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/bootstrap/dist/css/bootstrap.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
age: 4382
etag: W/"1ca39-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YabGRNr1cgCI%2F0keV1TMS2tQVX74zKNp168iUNLmtaaZVHitE%2BcUECXjgJ5CqakrM8rWTfrS3wATp7gMpAhwNyqLUKpbNhZUg7v6j2D486V6eGOEmxOSlJn%2F%2BVdi9x4mLNbTIBb5%2FEgpIFBqavO82jo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607413dd88fe8-FRA

GET
H2 200 metisMenu.min.css
www.threatminer.org/bower_components/metisMenu/dist/ 781 B
710 B 39ms
35ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/metisMenu/dist/metisMenu.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0dc574fb2b266dba913861d60b0c69d1e41f0fd095a3341a45f26401cd8b6b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
age: 4381
etag: W/"30d-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tJ1s8trNemqVoq%2Bcr%2BB60ez%2BbNcuhfBrJAmeVQ8DP60vzy%2B82IB%2FnN1KPG5KI1mA2DhZXSTM9%2B9OorljzNyR5KmDdgDvpX32hSVJoRO9k2mCL8mLgq7PY0v9VlbffDfQfmPBnnaMKhGTe6%2F8HqWCm04%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607413ddb8fe8-FRA

GET
H2 200 dataTables.bootstrap.css
www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/ 6 KB
2 KB 31ms
28ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/dataTables.bootstrap.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fac55d188233bffb66023997fcdf69c38df2f62ee4654ad62c61a85b6e81d705

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
age: 4381
etag: W/"1dc0-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tA7%2F9hlGj8qKrmKycfHnDXd6VD%2BMrxbdd%2BZ4kKOM9OeUJruTVJNsIsQc%2FD5DoqYq5SAig07HEbnnGZoQCM1DXTPP%2BVcRON9TYUYpcq7B1jZg1wMrk5qZy1PwFjcp1pCkd3IENg4yKfx5GjHHFazVroY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-polished: origSize=7616
cf-ray: 743607413ddd8fe8-FRA
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-bgj: minify

GET
H2 200 dataTables.responsive.css
www.threatminer.org/bower_components/datatables-responsive/css/ 3 KB
877 B 35ms
32ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-responsive/css/dataTables.responsive.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c692f0d15d92d902c12d745947ba1f892a76bbf3f74c6f3a9f590afd0653ee04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
age: 4382
etag: W/"beb-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aTETP76TVJ4fYA0wWefqlU7zkGq9HXeOV2Fk5Cy%2BOJHG%2BVZDzBdwdT5BOuC1wNijCxXjDo2TTu1577u7WcQNBIQ6%2FEySwVKnAUE9v9jD3vVdSgSStuCgLMmfgRNNAlSRFQr3HlZgjbh6%2FwsGey3%2Fwl0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-polished: origSize=3051
cf-ray: 743607413ddf8fe8-FRA
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-bgj: minify

GET
H2 200 buttons.dataTables.min.css
www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/ 8 KB
2 KB 36ms
34ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/buttons.dataTables.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7d55fb721c0a1bb591d30b6e06f7781fbd13ab200a8aef0fa8df62e455bc0b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 13:08:48 GMT
server: cloudflare
age: 4381
etag: W/"1f58-54e761fab9800-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TwGGZ%2Bh1WQAUAm2XHvJJeScltjd9LOf5k94Y%2FSHg0UI%2Bb1AWNoBx5oL08rmIWCMIB9Dywtxwd5rrjHvDndk3Bvtru36rImp9vmAAwyCBkRCt4wY%2FEnawyoaRK9HWIYtPOKV26l6yx53pxV%2FbJl4gLNs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607413de18fe8-FRA

GET
H2 200 buttons.bootstrap.min.css
www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/ 2 KB
746 B 32ms
30ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/buttons.bootstrap.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9926a0d226b45faff8db829a1c445f33efa6522e213fafed1000365d5abf73df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 13:02:52 GMT
server: cloudflare
age: 4382
etag: W/"626-54e760a737700-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mpyTzg1iHBT3xkTVeuIxDUsRmxId9blodCF68OfoggEcRUCiWRnX5JKLeHVu3wrOLV%2FCgDHmd6HfGbzzJNl33%2FHY7tIOmUEChdqFoV%2B3zFivF1qWQt1TUJL9GcDH71cnRDuTND1NkfFjiH0JbtqYakg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607413de28fe8-FRA

GET
H2 200 sb-admin-2.css
www.threatminer.org/dist/css/ 4 KB
2 KB 32ms
29ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/css/sb-admin-2.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50d6e541020cbfdddf888aa2c42ad1c8d2296f9045709983354441032e2eb55d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 02 Jan 2021 17:59:17 GMT
server: cloudflare
age: 4382
etag: W/"1606-5b7ee9d93cc8e-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9rpT0VCsY%2B%2BOYBji%2FduUmgpyZNnn%2FGMAidZoQ%2F6d4nhyvsKb8uo%2BY79oKlrsSNIkwuTzTmszFdSRimFnxdDnKeLP15TPcbVHH1NBiwzuDKFhy6rYy9fY02QjN1b5iPzhSdOo2bjKBldfgcnvQ6zIG0U%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-polished: origSize=5638
cf-ray: 743607413de38fe8-FRA
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-bgj: minify

GET
H2 200 font-awesome.min.css
www.threatminer.org/bower_components/font-awesome/css/ 21 KB
5 KB 35ms
33ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/font-awesome/css/font-awesome.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
age: 4382
etag: W/"55e0-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Ofukz3IiGgm8817NmD8A0kgI1Td0J76axAt9DGSwwWAJZcGpJf9KNuTvUpeYEtlNkPpc6Pb8bt7SxhGmsoVH%2FKFOj7Aehvj%2BtczyfH9%2B%2Fw8Uel7PBuIEFRbGC10y92YvUUwjoPy4%2BwlgV6YxrO1kC8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607413de58fe8-FRA

GET
H2 200 social-share-kit.css
www.threatminer.org/dist/css/ 12 KB
3 KB 31ms
29ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/css/social-share-kit.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60adb5d029ec8a5d4613d7d57ff8a799c43caae1d1d1c2e5c230d65850fd5273

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2016 10:13:34 GMT
server: cloudflare
age: 4381
etag: W/"2ff1-543c3d291af80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T5a6LCqXdhVgQbUG%2FKOmeCiHW1u0AkcgjxqbEc%2Fo3%2BWxqLtx7IqSqNGqSlalmJTWBXQm6pL%2Fz63EVdrDbnjP1Sd12fJkQ5kHwtJq6RHTW877q2hlszlzB47TaujgXoU6k2HLL8UmVWgAupA5By9qAo0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-polished: origSize=12273
cf-ray: 743607413de68fe8-FRA
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-bgj: minify

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 166 KB
57 KB 176ms
96ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a3c041dfc52f52c87207f837c3dbd0b2f0e97a72b90ef6d17ebb72a10782ed8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57522
x-xss-protection: 0
server: cafe
etag: 2250754046329635131
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 31 Aug 2022 13:14:17 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 139ms
19ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: 33558069624c6849e3bedf4ef9ead7bf4cef2afdd7ecb64758a660fa4ae5ed8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:17 GMT
Content-Encoding: gzip
Age: 1068
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 29278
x-tw-cdn: VZ
Last-Modified: Mon, 15 Aug 2022 23:23:32 GMT
Server: ECS (frb/67BE)
Etag: "080f1472776d4d1a972a14cea4433aeb+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H2 200 ajax-loader.gif
www.threatminer.org/images/ 3 KB
3 KB 47ms
40ms Image
image/gif 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.threatminer.org/images/ajax-loader.gif
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 934abde684325043e16edeffd73752cd5f0ab00b5723d8e47a618ce3f16a3799

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4381
cf-polished: origSize=2608
content-length: 2599
last-modified: Sat, 17 Oct 2015 00:26:24 GMT
server: cloudflare
etag: "a30-52241f64ccc00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=omuefIjKfjvHL%2B7UI2litzaLJzfSNmRVcSMzg3HE%2FJNh7haL21q7BKPeQTqHkrLoqDpVAmFr0XquFDsD7QjALmCLei7bLjJRERrxcoQYvlMf0H1VbbwMmnteCGtUGBeT9Qx%2BGETo3bbkBAUROu7w1e0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=86400
accept-ranges: bytes
cf-ray: 743607418e718fe8-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 jquery-1.12.4.min.js Show response
www.threatminer.org/bower_components/jquery/dist/ 95 KB
34 KB 32ms
31ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/jquery/dist/jquery-1.12.4.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 12:15:38 GMT
server: cloudflare
age: 4381
etag: W/"17b8b-54e7561880e80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VVoh9JLdBpsSNHwsb3MVetsY6MPU72DbvQ6wsGlCFakcWUv1huDqoRCnO28YOIuS5wfrxFSeOe4Ka4yIp7%2FcKoPk1lFmB3VZwv%2FWvas%2B9KgDQSCmmD2dP9Vr%2B1lA8ekieDzI%2FyIgTs%2BLUi3qN3LYAmw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607417e468fe8-FRA

GET
H2 200 bootstrap.min.js Show response
www.threatminer.org/bower_components/bootstrap/dist/js/ 35 KB
10 KB 29ms
29ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/bootstrap/dist/js/bootstrap.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
age: 4381
etag: W/"8c6f-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jxP38B%2FYkf5aRKtIrlJ%2B4x8vZ1jIvcAGYYfrLoFZTvfNxTmKlsYQEDOpy6cGHaf1g0kBtmA%2F0dmYtvjYRhISNjRAPqWoKkzIP5YSh%2BH1HLr62M2TYifIbhUQd483sHltCfR8Wq3aPCs8gOS7gEpcYL8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607417e4b8fe8-FRA

GET
H2 200 metisMenu.min.js Show response
www.threatminer.org/bower_components/metisMenu/dist/ 2 KB
1 KB 37ms
31ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/metisMenu/dist/metisMenu.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ab0a74bbd399efdf7c9c9bffb689f0a755fc7131d5af04c8393d45f5163a69b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
age: 4381
etag: W/"757-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e8GOxcy%2B5RvuHvD52RvgJf7CqYYGUHWbQZIDpuhqb8VV%2Fl5LqhaqbjK3ao%2BeXVCD9SHFpguhmeSZWizt%2FZymy1siZPN5DZQMREV5uBgqjA8cfDlprqfsAfYWJAQxra16DCDV8qwdqN1I%2F0PJvFOCU5E%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607418e538fe8-FRA

GET
H2 200 jquery.dataTables.min.js Show response
www.threatminer.org/bower_components/datatables/media/js/ 81 KB
29 KB 48ms
39ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables/media/js/jquery.dataTables.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f4d3b47b47a8a31163dad5d7fb15e27a0056d07b0c34c6089fd9225664e847c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 12:24:55 GMT
server: cloudflare
age: 4381
etag: W/"14544-54e7582bb33c0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jln7%2FxZw3UPQ6TqVGq9bTX4UniZ0i8QgtPOjIRGMzDLGCtxeu3za%2FoJGMNeQZw0Qdyw8ua3v0ScX%2B9tP%2B2tlH99E8cDBHa2%2BYiqXSXtUgIgUuq22%2FdWdVofIBR0hvuDCGeL89lQPfwmswSTTpX93w%2BY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607418e5f8fe8-FRA

GET
H2 200 dataTables.bootstrap.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/ 2 KB
1 KB 35ms
27ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/dataTables.bootstrap.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a905062b971bfb70ba70dda1a454d9cb7f7389be7ff515f6eb9009c8e697a34b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
age: 4381
etag: W/"796-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r9zd6AFT1UIL06wBQ3xnOsavVl2pbpHhzKVCqHcKSWmC3eB5OgELmrZ5rGT99f0H2DLtlSDW0%2F3WIp9pJN8w4csLkI%2BW3obxue0GW0078MuWisKxqTkll6roWcsIjLx3U9p2814Nq4SR53wJOSdXpfU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607418e618fe8-FRA

GET
H2 200 dataTables.buttons.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/ 16 KB
6 KB 39ms
31ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/dataTables.buttons.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8aeaf60f6f34ced8ed9c83b249bdfc8544cc8f318294074898e6ced1d04e678c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 12:34:43 GMT
server: cloudflare
age: 4381
etag: W/"4088-54e75a5c75ec0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YJEDoxeXM7GQcSH2dctnJYYmh6CTF5O5Hw49s9DRY6XNTmOnGpTwASIgkOL%2Fn2mPZR2qG4taj17rZ%2BIt%2BXdzkeaKpSZb%2BCoN%2BsiEYCmSpDLjQ7wsedtv%2F5DiEepmoTvWKMwoV60oxG6RJFtBsFWUQBw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607418e638fe8-FRA

GET
H2 200 pdfmake.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/pdfmake/media/js/ 1 MB
391 KB 72ms
64ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/pdfmake/media/js/pdfmake.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf919e6fbfbf62a4f8cfaab4cf5c5f80e7c10be2bc9f7e4c70142175c0b49b4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 11:37:06 GMT
server: cloudflare
age: 4381
etag: W/"106721-54e74d7b9bc80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZYkDSB2kGp1t4d7oqjHqSRsLNRA0ggJMMMOupykcYFVyA3QH5AOMVaDHMKTJSstgkDxu6Rj9mLtB0e8i%2Bh1cQXlsPo3KH0GKbRI5HC92ddpCIgBKetM5KAiQeHxtj6CpZzkfAgkxYRakZAzlIUke7cM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607418e648fe8-FRA

GET
H2 200 jszip.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/jszip/media/js/ 100 KB
31 KB 45ms
37ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/jszip/media/js/jszip.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45b3ffadbc785de6091fa798527891eb7264e4d115e3c1a37acb60e3d70d4966

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 11:36:59 GMT
server: cloudflare
age: 4381
etag: W/"18e33-54e74d74eecc0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4x4HUC9oSDtGkrtCc3476Twb6WHJWTxNCLwTUnqokG6Ag1LXq6qdnoLCeTTuBeGmuRtmBKEB9lJTRBjP8i%2BnE3wSbanfyRd%2BYbTF98dWoZclFMZSaQfZT6D24RtrF2xAS06RqryCAqUTpRRKGUyt1Tk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607418e668fe8-FRA

GET
H2 200 vfs_fonts.js Show response
www.threatminer.org/bower_components/datatables-plugins/vfs_fonts/media/js/ 933 KB
454 KB 48ms
40ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/vfs_fonts/media/js/vfs_fonts.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecee1d502f45731162f99f4d6aa07c0315a26a8382c1b1bc3c9958ab3ff04000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 11:37:11 GMT
server: cloudflare
age: 4381
etag: W/"e94d3-54e74d80607c0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z6YvlornJ34a9Yjd4jGGQeDjGZ1DxrUp4YRwG%2BkxJDxQnFLS%2FbofLqM7IVif7CvhodUilhGWPG7CRESvxu40ygenxOIv%2BiZygj5ayWNw913aOZ%2FOPFlxh84YN40vJFQVmyLf2v%2B5fvY37OGLdvZ02cA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-polished: origSize=955603
cf-ray: 743607418e678fe8-FRA
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-bgj: minify

GET
H2 200 buttons.html5.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/ 23 KB
6 KB 37ms
29ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/buttons.html5.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07a081c6a38ab09a0163aecaaf77713ffae6e09d06ba1a112efef22e01857ddc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 11:37:16 GMT
server: cloudflare
age: 4381
etag: W/"5b7a-54e74d8525300-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HeHmiDFGsfyz2OTc06FhIzewK5gz11ji5GB%2FomIWXgkHpbnMBfwUrzYiJQbhHCEAK6Vy3MjCEX1L95BqL2CJAWxCfc%2FJ3%2BEtmqeedadHP7ncteycYpZQBDzZQPudcslABiFTRlFcT7bNX%2F%2FFYyoIf08%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607418e688fe8-FRA

GET
H2 200 sb-admin-2.js Show response
www.threatminer.org/dist/js/ 756 B
696 B 38ms
30ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/js/sb-admin-2.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed99491fe47b5733d1ad2fbf90f5d9066d049a530d1b92ebe47be5e0c527a32e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 25 May 2019 17:16:01 GMT
server: cloudflare
age: 4381
etag: W/"49d-589b97821f640-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aI7%2FLn%2FNROaXPzspwL0WGkIOw2uNeSgPJkz97m2KKV71%2Bt0CQFRbwsdnjvIcS0Tr2KajswW2oPYffjRqDXzm%2FvL2z40I9VUt4xx6odyCuM3PchBaT4pJHy4RNJqomkJzSmHy88OephkbHeO%2FSTj62xE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-polished: origSize=1181
cf-ray: 743607418e6a8fe8-FRA
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-bgj: minify

GET
H2 200 tm_utility.js Show response
www.threatminer.org/dist/js/ 8 KB
2 KB 36ms
29ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/js/tm_utility.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e725928ffb665a91ca8a3631e3002edba9b0f9ec66b40a59d53db0f44827e34e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Nov 2021 16:06:03 GMT
server: cloudflare
age: 4381
etag: W/"2901-5d162cd378793-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ds03QYaBts4woZRGVKJ5UCC1fXHMUUJujzPY%2FH5jIbX9W59hpGv6cks%2BH%2BoKNGfzmfKG8zULqYJeucHKKXeu0gUv6GWc6tKGEH5VdEuwVkMnWK4zwkU4HgbSVElLPMHoyE8JwwbbawAy2%2BWH5LjSNMc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-polished: origSize=10497
cf-ray: 743607418e6c8fe8-FRA
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-bgj: minify

GET
H2 200 social-share-kit.min.js Show response
www.threatminer.org/dist/js/ 6 KB
3 KB 43ms
36ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/js/social-share-kit.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac74cddb007ace18442f5111c4c23125de6031dca42bcead5ea5bfb12d2ca332

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 09 Mar 2019 16:07:52 GMT
server: cloudflare
age: 4381
etag: W/"179c-583ab8aa0e600-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=axHJpyaVw3bGD1fjN8%2BUx397k6JeCkRcx9Idk3JA1xHLJBHjaIqk%2FwX%2BdCHWv4ZpPh3c5nGVnrJ%2FJr2EhkGTNkfX02DX%2FCuMnIBiYQh9%2FB%2FX5HElk08DxsLhdLkpnCczCQdFeBMKhnQj01GoSeQQuhk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607418e6e8fe8-FRA

GET
H2

200

80x15.png
licensebuttons.net/l/by/4.0/
Redirect Chain

https://i.creativecommons.org/l/by/4.0/80x15.png
https://licensebuttons.net/l/by/4.0/80x15.png

430 B
739 B

98ms
28ms

Image
image/png

2606:4700:10::ac43:73f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://licensebuttons.net/l/by/4.0/80x15.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Server

2606:4700:10::ac43:73f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f43d4d35e7ac1e815dc0c8897806e30d928ee62e1aa6ac20f49c649f8b694004

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6803
cf-polished: origSize=640
vary: Accept-Encoding
content-length: 430
x-xss-protection: 1; mode=block
last-modified: Thu, 30 Apr 2020 21:59:13 GMT
server: cloudflare
x-frame-options: deny
etag: "5eab4a31-280"
strict-transport-security: max-age=15768000
content-type: image/png
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 74360742cdf8bb59-FRA
cf-bgj: imgq:100,h2pri

Redirect headers

date: Wed, 31 Aug 2022 13:14:17 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
age: 387
x-frame-options: deny
content-type: text/html
location: https://licensebuttons.net/l/by/4.0/80x15.png
cache-control: max-age=432000
strict-transport-security: max-age=15768000
cf-ray: 74360741fe03925b-FRA
vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H2 200 infolinks_main.js Show response
resources.infolinks.com/js/ 3 KB
2 KB 132ms
52ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/infolinks_main.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ba70742aa58c224b753098b48de78c0d7ef3fafe2d8893f6cd92cbe68022e90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

cf-ray: 74360741fddcbb83-FRA
date: Wed, 31 Aug 2022 13:14:17 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 13:14:35 GMT
server: cloudflare
age: 14347
etag: W/"d62-5e775296a94d7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 31 Aug 2022 10:15:10 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 95ms
17ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 737
date: Wed, 31 Aug 2022 13:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 31 Aug 2022 15:02:00 GMT

GET
H2 200 fontawesome-webfont.woff
www.threatminer.org/bower_components/font-awesome/fonts/ 64 KB
64 KB 72ms
67ms Font
application/font-woff 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/bower_components/font-awesome/css/font-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

Referer: https://www.threatminer.org/bower_components/font-awesome/css/font-awesome.min.css
Origin: https://www.threatminer.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
etag: W/"ffac-51434f58bfb80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2FO9IAM%2BrsBpLhUhnTZt3AJr0F%2FbNPH0hMo6RmuQpSL2r2lhX%2Fk9r4IeDrNuIBp%2FMFKQmCOrnRGTK68yURbX%2FnNy23wQPEomLIRImAsjJG6cPC9tusm8C0jvV388nnf2jkbh57xKcsMH4PoBfnYvq%2BU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 743607418e728fe8-FRA

GET
H2 200 social-share-kit.woff
www.threatminer.org/dist/fonts/ 7 KB
7 KB 104ms
100ms Font
application/font-woff 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/fonts/social-share-kit.woff
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/dist/css/social-share-kit.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 697c41fffac431521f2db48c7426ac23b972b6eb7b1242f0bb47d6079884d3a4

Request headers

Referer: https://www.threatminer.org/dist/css/social-share-kit.css
Origin: https://www.threatminer.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2016 10:13:34 GMT
server: cloudflare
etag: W/"1b08-543c3d291af80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=78NJGMQRgeYsNLJCAZfGb5Xh%2BrylDtbWvRa2lifOlUTNk0Ux13jAZK2Vk19QEf%2BceTcf9soLhgnRsch2ZwSy8wSxOdg9XvxpvXcijjy%2FXWzVW82ZH5P7h7xk8ihgnXbsh7IoTdCS%2FYsfKZ0BxQB%2B3as%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 74360741ae8b8fe8-FRA

GET
H/1.1 200
OK embed.js Show response
threatminer.disqus.com/ 78 KB
25 KB 259ms
181ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://threatminer.disqus.com/embed.js

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

901a164342f0df08108d1d071d1a4c6a1265bba8f9f48eec16fe18e7a9c94813

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:17 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 25429
Cross-Origin-Resource-Policy: cross-origin

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
210 B 28ms
27ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1463385701&t=pageview&_s=1&dl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&ul=en-us&de=UTF-8&dt=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1176498723&gjid=1337422013&cid=1684267297.1661951657&tid=UA-73787980-1&_gid=4934461.1661951657&_r=1&_slc=1&z=1552606996

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.threatminer.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.threatminer.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getReport.php Show response
www.threatminer.org/ 0
304 B 54ms
45ms XHR
text/html 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/getReport.php?e=notes_container&t=2&q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/dist/js/tm_utility.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nf4yacsd01RDkOojr6iU3vMFwuCHtfzr0kD2VZhz3rNKK%2BZoVklvveG4wIt1jHxcndIopCsdqkLQQwcBWx8mxfXTHGvCrMmAB70uxN2OzF5i7vXaf1abgRayy0ODcRzfn7kjD3O8Vsf8hFuHYbMDQ28%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 7436074389118fe8-FRA

GET
H2 200 ice.js Show response
resources.infolinks.com/js/1817.005-3.025/ 178 KB
55 KB 52ms
46ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1817.005-3.025/ice.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2b01b5b2147cc06a77995d2d8ec0f67e9735eb110f8d4c0b8dbece2a785f43c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

cf-ray: 74360743887bbb83-FRA
date: Wed, 31 Aug 2022 13:14:17 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 13:10:17 GMT
server: cloudflare
age: 14343
etag: W/"2c9a5-5e7751a02b6b6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Fri, 30 Sep 2022 09:15:14 GMT

GET
H2 200 cse.js Show response
cse.google.com/ 7 KB
4 KB 130ms
61ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=414385693720d4156

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

4e41e3e48a2644dc2b848be94be3e1c192ee8d9c7ba528a8ca3c094b664f75be

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

bfcache-opt-in: unload
date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: br
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2997
x-xss-protection: 0
server: gws
expires: Wed, 31 Aug 2022 13:14:17 GMT

GET
H/1.1 200
OK widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html Show response
platform.twitter.com/widgets/ Frame 9E6B 320 KB
104 KB 29ms
20ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html?origin=https%3A%2F%2Fwww.threatminer.org
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D5) /
Resource Hash: 8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 55068
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105445
Content-Type: text/html; charset=utf-8
Date: Wed, 31 Aug 2022 13:14:17 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Mon, 15 Aug 2022 23:01:14 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67D5)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/ 343 KB
121 KB 154ms
84ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5720763271532377&plah=www.threatminer.org

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

964ca65aabf2b0d4c0a2f66737c04c01fa29ee8c9ebe6e78c989e269154cceb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123448
x-xss-protection: 0
server: cafe
etag: 11101058126484713773
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 31 Aug 2022 13:14:17 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220829/r20190131/ Frame B8F3 10 KB
5 KB 89ms
23ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220829/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 6419
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 11:27:18 GMT
etag: 8616628553774171045
expires: Wed, 14 Sep 2022 11:27:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 lounge.4ceaf0673822a0def820ebdc38d84415.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 102ms
23ms Other
text/css 2600:9000:21f3:ca00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.4ceaf0673822a0def820ebdc38d84415.css

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 18:28:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67535
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26448
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 30 Aug 2022 17:50:39 GMT
server: nginx
etag: "630e4def-6750"
content-type: text/css; charset=utf-8
via: 1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
expires: Wed, 30 Aug 2023 18:28:42 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA2-C2
timing-allow-origin: *
x-amz-cf-id: jeW2WiaVL00Sk341vAjkXwgHjESkUj5CRNwlaJ-gKn9qAZBTIhUE5A==
x-cache-hits: 0

GET
H2 200 common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
c.disquscdn.com/next/embed/ 0
93 KB 119ms
40ms Other
application/javascript 2600:9000:21f3:ca00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 05:21:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3225168
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94755
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 22 Jul 2022 12:02:54 GMT
server: nginx
etag: "62da91ee-17223"
content-type: application/javascript; charset=utf-8
via: 1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
expires: Tue, 25 Jul 2023 05:21:29 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA2-C2
timing-allow-origin: *
x-amz-cf-id: gEgc5H_RaDmg068uAw8UxsMJK7eTNFAzjnfBs4DKeDJtrdd4ORvfSg==
x-cache-hits: 0

GET
H2 200 lounge.bundle.8d28276e15f31af0eebfd934278922d1.js
c.disquscdn.com/next/embed/ 0
123 KB 152ms
73ms Other
application/javascript 2600:9000:21f3:ca00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.8d28276e15f31af0eebfd934278922d1.js

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 18:28:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67535
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 124861
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 30 Aug 2022 17:50:39 GMT
server: nginx
etag: "630e4def-1e7bd"
content-type: application/javascript; charset=utf-8
via: 1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
expires: Wed, 30 Aug 2023 18:28:42 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA2-C2
timing-allow-origin: *
x-amz-cf-id: ALD_U73G7v6a08xZUYiikFWgsXPHN7PQuEimCiTe7gWhKZ2VAlZLxg==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
16 KB 103ms
22ms Other
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:17 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 4
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 15959
X-XSS-Protection: 1; mode=block

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 9E6B 709 B
589 B 204ms
132ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html?origin=https%3A%2F%2Fwww.threatminer.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

d65246f2a98e02b32e2a0d80916e65eab499aebe923d078037efd692b31cef58

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-response-time: 110
date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: gzip
last-modified: Wed, 31 Aug 2022 13:14:17 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 83c9d45ee42e48c9109d1f3e68e861fe4718c3ddefc5a8c534f14203896d918e
content-length: 308

GET
H2 200 manage Show response
router.infolinks.com/usync/ Frame CE59 0
33 B 242ms
228ms Document
text/plain 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1817.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 743607451b4dbb83-FRA
content-length: 0
date: Wed, 31 Aug 2022 13:14:17 GMT
server: cloudflare
via: 1.1 google

GET
H2 200 lcmanage Show response
router.infolinks.com/usync/ 0
43 B 142ms
131ms Script
text/plain 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/lcmanage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1817.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 743607451b50bb83-FRA
content-length: 0

GET
H2 200 gsd Show response
router.infolinks.com/ 321 B
537 B 274ms
265ms Script
text/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/gsd?evt=afterGSD&pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&jsv=1817.005-3.025&_cb=16619516577530
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1817.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6a144dfb544398da6b08bd46c4e98535657fa040dc01f8236c8548d569ddc96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:18 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NON DSP NID OUR COR"
content-type: text/javascript;charset=UTF-8
content-encoding: gzip
cache-control: max-age=0
cf-ray: 743607451b4fbb83-FRA
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/fd562c898514f252/ 303 KB
101 KB 103ms
26ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/fd562c898514f252/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=414385693720d4156

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee91e3ee346871abbd9bb130a90522675d3577d82b957e7dac520df815cf9108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 22:28:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53164
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103354
x-xss-protection: 0
last-modified: Tue, 23 Aug 2022 20:48:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 30 Aug 2023 22:28:13 GMT

GET
H2 200 default+de.css
www.google.com/cse/static/element/fd562c898514f252/ 41 KB
9 KB 97ms
21ms Stylesheet
text/css 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/fd562c898514f252/default+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=414385693720d4156

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b0789c3ab7df1f2580e95bb47eb5bb6dc19b4fc5a91b1f1ae1d9484dab534a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 22:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 485815
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9086
x-xss-protection: 0
last-modified: Tue, 23 Aug 2022 20:48:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Fri, 25 Aug 2023 22:17:22 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 100ms
25ms Stylesheet
text/css 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=414385693720d4156

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 12:40:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 31 Aug 2022 13:30:59 GMT

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 1BD7 6 KB
4 KB 165ms
161ms Document
text/html 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_d=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e22e573e5437aaf7d5a283e133a2ac3159a555e91c31f0cdf5182bdf37a0d100

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2718
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 31 Aug 2022 13:14:17 GMT
ETag: W/"lounge:view:8262673387.c416583418f73591017fcc9a6a1e63a7.2"
Last-Modified: Mon, 15 Aug 2022 11:09:24 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H/1.1 200
OK / Show response
tempest.services.disqus.com/ads-iframe/taboola/ 28 KB
10 KB 211ms
137ms XHR
text/html 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://tempest.services.disqus.com/ads-iframe/taboola/?position=top&shortname=threatminer&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%23337ab7&colorScheme=light&sourceUrl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&typeface=sans-serif&disqus_version=current
Requested by: Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: b26062aaf4d9653e15f981348b676f1c86336b39b3e0486000dc826afea04b4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:17 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding,
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=300
X-Service: router
Connection: keep-alive
Content-Length: 9455
Cross-Origin-Resource-Policy: cross-origin

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
339 B 185ms
125ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=1op9m2q3rkinke&experiment=network_default&variant=fallthrough&service=dynamic&area=top&product=embed&forum=threatminer&zone=thread&version=0837a7fb2afa86b68e4ee5098ec9905b&page_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&section=default&verb=call&adjective=1&forum_id=5993718

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:17 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 219 B
647 B 107ms
30ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.threatminer.org&callback=_gfp_s_&client=ca-pub-5720763271532377

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5720763271532377&plah=www.threatminer.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

d48d638ed28c442b3b519f386b4c2a7bf3f3a76f20e4c4500cc7c6af5b9b3c3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 203
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 90ms
36ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.threatminer.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 84ms
30ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.threatminer.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Aug 2022 13:14:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C1BE 84 KB
30 KB 505ms
453ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1661951657&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657581&bpp=5&bdt=441&idt=259&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&correlator=1586759193417&frm=20&pv=2&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gfdajWiWZm&p=https%3A//www.threatminer.org&dtd=283

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

210c46ade9f779ccabca3cc10547c59d551664d75e7cc54b62adf18e873c3906

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 30540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:18 GMT
expires: Wed, 31 Aug 2022 13:14:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3E97 96 KB
32 KB 588ms
550ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1661951657&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657586&bpp=2&bdt=446&idt=288&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3lIW2ZhTL0&p=https%3A//www.threatminer.org&dtd=297

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95ba7e6379332d6973da820786448cb21073cdd1d200d203934a0f1aa80747c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 32762
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:18 GMT
expires: Wed, 31 Aug 2022 13:14:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A1C8 92 KB
32 KB 586ms
560ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657588&bpp=2&bdt=448&idt=300&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=rTcnpMJugi&p=https%3A//www.threatminer.org&dtd=304

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c5e177c739de2397dccf4c69871865b1db9bb18320909f6b04aaa94cb5946e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 33013
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:18 GMT
expires: Wed, 31 Aug 2022 13:14:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 10EB 436 B
236 B 390ms
370ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657590&bpp=1&bdt=449&idt=306&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=LozPu9Dnbs&p=https%3A//www.threatminer.org&dtd=312

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce610363f04fe4cca353810e625ddfbd36fe829c06297c72c95a4c4b50a455c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:18 GMT
expires: Wed, 31 Aug 2022 13:14:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DF6A 145 KB
46 KB 422ms
410ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657591&bpp=2&bdt=451&idt=314&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2523&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=elDDdbOemD&p=https%3A//www.threatminer.org&dtd=317

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

134e72a0492ee9d642a6ff390f13863b40ba3897a14548afbf88baf8c9c2639e

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNH01bGU8fkCFW_llAkdp7ELsg&gqi=qV4PY6qiOZGJ9fgPgNCogAI&layout=/sadbundle/%24csp%253Der3%24/3028943097652992417/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 47559
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNH01bGU8fkCFW_llAkdp7ELsg&gqi=qV4PY6qiOZGJ9fgPgNCogAI&layout=/sadbundle/%24csp%253Der3%24/3028943097652992417/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:18 GMT
expires: Wed, 31 Aug 2022 13:14:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CB03 436 B
235 B 434ms
430ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657593&bpp=1&bdt=453&idt=319&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=3963&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=SniEnRQQlf&p=https%3A//www.threatminer.org&dtd=323

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b55419ee7a5a390123d1b5be3afcb94141ff388492daae1ae83748f94b85a76d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:18 GMT
expires: Wed, 31 Aug 2022 13:14:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 156A 73 KB
23 KB 438ms
434ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1661951657&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657595&bpp=2&bdt=455&idt=323&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=4318&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=pguM8gqM7h&p=https%3A//www.threatminer.org&dtd=329

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1bf5a553d0648ba932acfb3f34078ec6770d350d6ca63f61f19ee1d4d25cff0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 23042
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:18 GMT
expires: Wed, 31 Aug 2022 13:14:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 63ms
63ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&tn=DIV&id=privacy_notice&cls=alert%20alert-info%20alert-dismissable%20bottom_popup&ign=false&pw=1600&ph=1200&x=800&y=1130.4

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 783F 265 KB
64 KB 1114ms
1113ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&adk=1812271804&adf=3025194257&lmt=1661951657&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657617&bpp=2&bdt=477&idt=311&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200%2C1182x591&nras=1&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=8&uci=a!8&fsb=1&dtd=318

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

faa4174a9de5b70f4234809c9f65280f2214751576362d0493ab676ec96ae2b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 65265
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:19 GMT
expires: Wed, 31 Aug 2022 13:14:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 async-ads.js Show response
cse.google.com/adsense/search/ 141 KB
51 KB 88ms
32ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/fd562c898514f252/cse_element__de.js?usqp=CAI%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b2ff27acfa00fae5c6e2fb54b470b3c25c54a1c0872b5cd62c8d645e923d06c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "7014698912420203690"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
expires: Wed, 31 Aug 2022 13:14:18 GMT

GET
H3 200 clear.png
www.google.com/cse/static/css/v2/ 1018 B
1 KB 86ms
21ms Image
image/png 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/css/v2/clear.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/fd562c898514f252/default+de.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/cse/static/element/fd562c898514f252/default+de.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 17:04:14 GMT
x-content-type-options: nosniff
age: 72604
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1018
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 30 Aug 2023 17:04:14 GMT

GET
H3 200 branding.png
www.google.com/cse/static/images/1x/de/ 1 KB
2 KB 73ms
22ms Image
image/png 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/de/branding.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ee9e63e519096342d5899e32f1a38b4880ffba6b2aff64178b955a3b7f3a80d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 03:18:05 GMT
x-content-type-options: nosniff
age: 35773
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1512
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Thu, 31 Aug 2023 03:18:05 GMT

GET
H3 200 v1 Show response
cse.google.com/cse/element/ 468 B
339 B 280ms
253ms Script
application/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/element/v1?rsz=filtered_cse&num=10&hl=de&source=gcsc&gss=.com&cselibv=fd562c898514f252&cx=414385693720d4156&q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&safe=active&cse_tok=AB1-RNUif-i4Y6IjGiRjtFZfMseD:1661951657614&lr=&cr=&gl=&filter=0&sort=&as_oq=&as_sitesearch=&exp=csqr,cc&callback=google.search.cse.api7410

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/fd562c898514f252/cse_element__de.js?usqp=CAI%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8694c8a1a4955e5984379a027719f8f3cbd952f49ad5fa66ea7af908c742b9a5

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/QualityProseCsqrElementHttp/cspreport, script-src 'report-sample' 'nonce-OuOh6djbQfzwSihPTukRzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/QualityProseCsqrElementHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/QualityProseCsqrElementHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="QualityProseCsqrElementHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"QualityProseCsqrElementHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/QualityProseCsqrElementHttp/external"}]}
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/QualityProseCsqrElementHttp/cspreport, script-src 'report-sample' 'nonce-OuOh6djbQfzwSihPTukRzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/QualityProseCsqrElementHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/QualityProseCsqrElementHttp/cspreport/allowlist
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 generate_204
www.googleapis.com/ 0
210 B 93ms
20ms Image
text/plain 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googleapis.com/generate_204
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 204 generate_204
clients1.google.com/ 0
210 B 79ms
20ms Image
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK horizon_timeline.08c300ab95020b1109a05214ccb84dea.js Show response
platform.twitter.com/js/ 7 KB
3 KB 35ms
29ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_timeline.08c300ab95020b1109a05214ccb84dea.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6776) /
Resource Hash: e3a13155ff6fa3d1e25fccc2a0bbce4302b01c21c8b08c5922d70c62ec1b4bac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:18 GMT
Content-Encoding: gzip
Age: 55069
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 2432
x-tw-cdn: VZ
Last-Modified: Mon, 15 Aug 2022 23:01:06 GMT
Server: ECS (frb/6776)
Etag: "d926fdf34ca16c29b65afc4b5fab0702+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
111 B 146ms
140ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?dnt=1&l=%7B%22experiment_key%22%3A%22tfw_horizon_timeline_12034%22%2C%22bucket%22%3A%22treatment%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%7D%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1661951657989%2C%22dnt%22%3Atrue%2C%22client_version%22%3A%2231f0cdc1eaa0f%3A1660602114609%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_horizon_timeline_12034%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-response-time: 114
date: Wed, 31 Aug 2022 13:14:17 GMT
last-modified: Wed, 31 Aug 2022 13:14:18 GMT
server: tsa_o
vary: Origin
content-type: image/gif
cache-control: must-revalidate, max-age=600
x-connection-hash: 83c9d45ee42e48c9109d1f3e68e861fe4718c3ddefc5a8c534f14203896d918e
strict-transport-security: max-age=631138519
content-length: 43

GET taboola
reporting.services.disqus.com/_log/ Frame ABF8 0
0

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/ Frame ABF8 279 KB
57 KB 83ms
20ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b7ea4141dcd9692c4a213e74a8fa10efa0a08920197a43f09463d8ce0160cc4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-amz-version-id: fm1TR1cKn9s4Sczm9D2o6ql4q0wv3KbS
content-encoding: gzip
etag: "df1158beea315e4619826ec3eae9595f"
age: 13735
x-cache: HIT
content-length: 57592
x-amz-id-2: PHaVDzrjBn6FZ4vLyP1ILa0iDAfe/wDNgyFg2RslfKIaGmC8hakYwe/b588wXEloC0/kXsRwK3I=
x-served-by: cache-hhn4024-HHN
last-modified: Wed, 31 Aug 2022 09:25:13 GMT
server: AmazonS3
x-timer: S1661951658.100134,VS0,VE0
date: Wed, 31 Aug 2022 13:14:18 GMT
vary: Accept-Encoding
x-amz-request-id: ACCKPJ8W38GMFQ77
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 91
x-cache-hits: 84

GET
H2 200 lounge.load.0837a7fb2afa86b68e4ee5098ec9905b.js Show response
c.disquscdn.com/next/embed/ Frame 1BD7 958 B
1 KB 72ms
18ms Script
application/javascript 2600:9000:21f3:ca00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.0837a7fb2afa86b68e4ee5098ec9905b.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_d=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cf168b8d626bde59ab2df042d3dde2c2a42ca958989c9af0df7843557c072b96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_d=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 18:28:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67536
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 494
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 30 Aug 2022 17:50:38 GMT
server: nginx
etag: "630e4dee-1ee"
content-type: application/javascript; charset=utf-8
via: 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront)
expires: Wed, 30 Aug 2023 18:28:42 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA2-C2
timing-allow-origin: *
x-amz-cf-id: xwpucEYOZQSvZEiELScGJZa-L-_r1bl4-IxxVk5w8grTVofAiHJhww==
x-cache-hits: 0

POST
H2 200 doq.htm Show response
rt3047.infolinks.com/action/ 1 KB
1 KB 285ms
216ms XHR
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3047.infolinks.com/action/doq.htm?pcode=utf-8&r=16619516580621
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1817.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58b356a7fa32d1990d4280159c5fff67be16ba28299e24f7196a3032a9f3d384

Request headers

Referer: https://www.threatminer.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

cf-ray: 743607476fe05b86-FRA
pragma: no-cache
date: Wed, 31 Aug 2022 13:14:18 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-language: de-DE
p3p: CP="NON DSP NID OUR COR"
access-control-allow-origin: https://www.threatminer.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: text/html;charset=UTF-8
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ThreatMiner Show response
syndication.twitter.com/srv/timeline-profile/screen-name/ Frame 85D0 186 KB
19 KB 758ms
749ms Document
text/html 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&frame=false&lang=en&maxHeight=500&origin=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&sessionId=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c&showHeader=true&showReplies=false&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

550c70f794c21caec7b018f4ea92bccde373326209cdfe9cdd25e84dc9024f47

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: must-revalidate, max-age=60
content-encoding: gzip
content-length: 19389
content-type: text/html; charset=utf-8
date: Wed, 31 Aug 2022 13:14:18 GMT
etag: "2e88c-JdIiEVcp2meHNOGHpHOFAa30UWA"
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: 83c9d45ee42e48c9109d1f3e68e861fe4718c3ddefc5a8c534f14203896d918e
x-response-time: 710
x-xss-protection: 0

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ 192 B
205 B 74ms
30ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.threatminer.org&client=google-coop&product=SAS&callback=__sasCookie

Requested by

Host: cse.google.com
URL: https://cse.google.com/adsense/search/async-ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

a9f41a4b1140893ca4007413bed6edff1014e803ce9d66b9c1ff999c92d263cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 183
x-xss-protection: 0

GET
H3 200 ads Show response
cse.google.com/cse_v2/ Frame 8005 13 KB
2 KB 127ms
126ms Document
text/html 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse_v2/ads?adsafe=high&pcsa=true&cx=414385693720d4156&client=google-coop&q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&r=m&hl=de&type=0&oe=UTF-8&ie=UTF-8&fexp=20606%2C17300953%2C17300955%2C17301015%2C17301017%2C17301094%2C17301096&format=p4&ad=p4&nocache=4531661951658091&num=0&output=uds_ads_only&source=gcsc&v=3&bsl=10&pac=0&u_his=2&u_tz=0&dt=1661951658093&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=5185&frm=0&uio=-&qup=1&jsid=csa&jsv=469225491&rurl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&adbw=master-1%3A271

Requested by

Host: cse.google.com
URL: https://cse.google.com/adsense/search/async-ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

fd1edeea8eca5642f5b81136083a330b11f52259e6bf124fb6a4d6f610fb6776

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=3600
content-encoding: br
content-length: 2317
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 13:14:18 GMT
expires: Wed, 31 Aug 2022 13:14:18 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: gws
x-xss-protection: 0

GET
H2 200 common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js Show response
c.disquscdn.com/next/embed/ Frame 1BD7 282 KB
93 KB 22ms
21ms Script
application/javascript 2600:9000:21f3:ca00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.0837a7fb2afa86b68e4ee5098ec9905b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_d=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 05:21:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3225169
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94755
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 22 Jul 2022 12:02:54 GMT
server: nginx
etag: "62da91ee-17223"
content-type: application/javascript; charset=utf-8
via: 1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
expires: Tue, 25 Jul 2023 05:21:29 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA2-C2
timing-allow-origin: *
x-amz-cf-id: wZ7Z4ZZljuDffK1MlEhqBlIuC-wRH0NmKmfxPEqTe05p4hQ1lyw2nw==
x-cache-hits: 0

GET
H2 200 impl.20220831-3-RELEASE.js Show response
cdn.taboola.com/libtrc/ Frame ABF8 680 KB
141 KB 23ms
23ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20220831-3-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: c9640eb2befb4938a64076908c70b3e3b72c1af042b031026e8a981d186ccff7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-amz-version-id: 1JDvz_ZoSnAjRGhNysmH_XrtoAgjywOs
content-encoding: br
etag: "d755a28c23177ed7593de1487c2c097b"
age: 15598
x-cache: HIT
content-length: 143823
x-amz-id-2: WGGJKSSjOacuq8TjF7DZPJVIs/0O16dMSi62h6vyQZdx0aHPhT5KInwEcC0M3XzeKpAgVgotlDg=
x-served-by: cache-hhn4024-HHN
last-modified: Wed, 31 Aug 2022 08:46:36 GMT
server: AmazonS3-br
x-timer: S1661951658.157929,VS0,VE0
date: Wed, 31 Aug 2022 13:14:18 GMT
vary: Accept-Encoding
x-amz-request-id: NWPPGEZE5YP39B9V
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 53
x-cache-hits: 14988

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ Frame ABF8 4 KB
2 KB 75ms
23ms Script
application/javascript 13.225.78.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-39.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 04:30:00 GMT
content-encoding: gzip
etag: W/"eaf85c1c6758e84acfe134efd70e9373"
last-modified: Tue, 28 Jun 2022 13:19:23 GMT
server: AmazonS3
age: 31460
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 27f665df26bde4a7226480b4a2890ff8.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: xHHGmB7vwQvTNPlhm3-y_R3ANFSl5cRyFnQ_wMuLGIhYgDj7ZD3ApA==

GET
H2 200 lounge.4ceaf0673822a0def820ebdc38d84415.css
c.disquscdn.com/next/embed/styles/ Frame 1BD7 167 KB
26 KB 21ms
20ms Stylesheet
text/css 2600:9000:21f3:ca00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.4ceaf0673822a0def820ebdc38d84415.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

6fc5e24f50f362ac9281998b69c65d4ad63be9facf941ecae5cf75bf387d85e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_d=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 18:28:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67536
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26448
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 30 Aug 2022 17:50:39 GMT
server: nginx
etag: "630e4def-6750"
content-type: text/css; charset=utf-8
via: 1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
expires: Wed, 30 Aug 2023 18:28:42 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA2-C2
timing-allow-origin: *
x-amz-cf-id: bGCFg8QznpSepfm8uzvJuJ0sn85QXjBzJrDEn4SdXTBs79Y-ZCO_1g==
x-cache-hits: 0

GET
H2 200 lounge.bundle.8d28276e15f31af0eebfd934278922d1.js Show response
c.disquscdn.com/next/embed/ Frame 1BD7 485 KB
123 KB 21ms
20ms Script
application/javascript 2600:9000:21f3:ca00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.8d28276e15f31af0eebfd934278922d1.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b16faf052451dbd71ae93dd1321842a648342f12c1fb6106ebdd501bbd5936e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_d=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 18:28:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67536
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 124861
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 30 Aug 2022 17:50:39 GMT
server: nginx
etag: "630e4def-1e7bd"
content-type: application/javascript; charset=utf-8
via: 1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
expires: Wed, 30 Aug 2023 18:28:42 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA2-C2
timing-allow-origin: *
x-amz-cf-id: x6UwU2AZqLZcdTJO8VOeudwkHY0PiQPOlboo-cjZ4XRCXDTREF0k1Q==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 1BD7 16 KB
16 KB 23ms
22ms Script
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

02ce328e0bb8d5fbf1a0591dc168595b09dbb5569454c53b84abc46aec78be94

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_d=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:18 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 5
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 15959
X-XSS-Protection: 1; mode=block

GET
H2 200 json Show response
trc.taboola.com/disqus-widget-safetylevel20longtail09/trc/3/ Frame ABF8 52 KB
14 KB 2367ms
2330ms XHR
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/disqus-widget-safetylevel20longtail09/trc/3/json?tim=13%3A14%3A18.258&lti=deflated&data=%7B%22id%22%3A290%2C%22ii%22%3A%22%2Fsample.php%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1661937891360%2C%22vi%22%3A1661951658256%2C%22cv%22%3A%2220220831-3-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22ack_exm%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed%22%2C%22vpi%22%3A%22%2Fsample.php%22%2C%22e%22%3A%22https%3A%2F%2Fwww.threatminer.org%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1208%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A17%2C%22dw%22%3A1208%2C%22dh%22%3A27%2C%22qs%22%3A%22%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22%7B%5C%22domain%5C%22%3A%20%5C%22https%3A%2F%2Fwww.threatminer.org%5C%22%2C%20%5C%22experiment%5C%22%3A%20%5C%22network_default%5C%22%2C%20%5C%22position%5C%22%3A%20%5C%22top%5C%22%2C%20%5C%22shortname%5C%22%3A%20%5C%22threatminer%5C%22%2C%20%5C%22variant%5C%22%3A%20%5C%22fallthrough%5C%22%7D%22%2C%22orig_uip%22%3A%22%7B%5C%22domain%5C%22%3A%20%5C%22https%3A%2F%2Fwww.threatminer.org%5C%22%2C%20%5C%22experiment%5C%22%3A%20%5C%22network_default%5C%22%2C%20%5C%22position%5C%22%3A%20%5C%22top%5C%22%2C%20%5C%22shortname%5C%22%3A%20%5C%22threatminer%5C%22%2C%20%5C%22variant%5C%22%3A%20%5C%22fallthrough%5C%22%7D%22%2C%22cd%22%3A27%2C%22mw%22%3A0%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220831-3-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 23bd9d4bdefbe0a79d22e79f48b6d365bb82e01f31858e2f5e9e616ee9898f0a

Request headers

Referer: https://www.threatminer.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 2310
date: Wed, 31 Aug 2022 13:14:20 GMT
content-encoding: gzip
server: nginx
x-timer: S1661951658.308908,VS0,VE2310
x-served-by: cache-hhn4024-HHN
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.threatminer.org
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H3 200 async-ads.js Show response
cse.google.com/adsense/search/ Frame 8005 141 KB
51 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js?pac=0

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse_v2/ads?adsafe=high&pcsa=true&cx=414385693720d4156&client=google-coop&q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&r=m&hl=de&type=0&oe=UTF-8&ie=UTF-8&fexp=20606%2C17300953%2C17300955%2C17301015%2C17301017%2C17301094%2C17301096&format=p4&ad=p4&nocache=4531661951658091&num=0&output=uds_ads_only&source=gcsc&v=3&bsl=10&pac=0&u_his=2&u_tz=0&dt=1661951658093&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=5185&frm=0&uio=-&qup=1&jsid=csa&jsv=469225491&rurl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&adbw=master-1%3A271

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd65cc22be93ffc5cf52cfedcb9c1a34386b1a2651052937f71daedc5421e13e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cse.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "9322675950690353759"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
expires: Wed, 31 Aug 2022 13:14:18 GMT

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 1BD7 3 KB
3 KB 135ms
134ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=threatminer&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

70e638eec586f6ec16bcd225596e40814034c716db62311bebfbb6c27fb19c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_d=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:18 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3049
X-XSS-Protection: 1; mode=block

GET
H2 204 b
sb.scorecardresearch.com/ Frame ABF8 0
189 B 28ms
22ms Image
text/plain 13.225.78.39
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1661951658347&ns_c=UTF-8&ns_if=1&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&c8=&c9=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-39.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
via: 1.1 27f665df26bde4a7226480b4a2890ff8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: vhCV7KsR9AhQcy_Pt6gTRH907Jk6l_JZkG_me34mCw3GIlz5wlJT_Q==
x-cache: Miss from cloudfront

GET
H2 200 in_search.js Show response
resources.infolinks.com/js/1817.005-3.025/ 222 KB
89 KB 36ms
32ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1817.005-3.025/in_search.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1817.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae938820655d8afb2bcaac1a4c8e03cb464fd7cf04c3f4c9f9ce7917eae728c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

cf-ray: 74360748e9a0bb83-FRA
date: Wed, 31 Aug 2022 13:14:18 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 13:10:17 GMT
server: cloudflare
age: 14317
etag: W/"3762b-5e7751a02b2ce"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Fri, 30 Sep 2022 09:15:41 GMT

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/ Frame 6162 35 KB
11 KB 127ms
51ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/index.html

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8035240ab2133ec1e4a3a3bd95392b4177e686299a01de572ade97084071fe7a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 417355
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 9572
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Fri, 26 Aug 2022 17:18:23 GMT
expires: Sat, 26 Aug 2023 17:18:23 GMT
last-modified: Thu, 21 Oct 2021 13:21:41 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5A3D 0
0 74ms
66ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CH_tEqV4PY5H8PO_K0_wPp-OukAvH-ez5avSE57-7DrLmwZCuKhABINWzrm1gldqIgpgHoAHdrtvqAsgBCakCpo5-uJ80eT6oAwHIA0iqBOkBT9C0Ux4O7MDyDosM9v1mYCk_sCGrUhiz-fuqH4gd8QYbriYVnMRSsBu476b14fFsa5tCjG2QJxwwvcLsmYNQyteTSpUShyfOYIwg6psfDqNxWHtpDnON838gC6Li2O-mWbnGLn6uu3-FycUdJIHcWA3O8mjTvfCj1T9G3nD_ahMrHy_rA70H4nJmBSRMWkmLp_CWhAOhH-azqTRk8iCckxkhz9NBsquaGGGJwR4wG-m4-iF2EqJtdAaAzMPUZXOv0lHv4xerbzeXwCtA7z-X1tSdPPnFbBnm7IXxBaGhUieD-d8kHD-5jsDABPq9jIXOA5IFBAgEGAGSBQQIBRgEoAYugAeL0aSVAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEJOjA9IIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsBogwIKgYKBM-nsQLYEw3QFQGAFwGyFxwKGggAEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=xPSxTFTBH_k&uach_m=[UACH]&template_id=419

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657591&bpp=2&bdt=451&idt=314&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2523&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=elDDdbOemD&p=https%3A//www.threatminer.org&dtd=317
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 31 Aug 2022 13:14:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 31 Aug 2022 13:14:18 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/ Frame 5A3D 23 KB
10 KB 95ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657591&bpp=2&bdt=451&idt=314&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2523&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=elDDdbOemD&p=https%3A//www.threatminer.org&dtd=317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:13:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9615
x-xss-protection: 0
server: cafe
etag: 5965352936607719246
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:13:26 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 5A3D 3 KB
1 KB 120ms
45ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:11:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:11:46 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 5A3D 17 KB
8 KB 99ms
25ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:13:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:13:16 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5A3D 141 KB
44 KB 116ms
42ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44757
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661773661488070"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Aug 2022 13:14:18 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/ Frame 156A 23 KB
9 KB 100ms
28ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1661951657&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657595&bpp=2&bdt=455&idt=323&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=4318&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=pguM8gqM7h&p=https%3A//www.threatminer.org&dtd=329

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:13:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9615
x-xss-protection: 0
server: cafe
etag: 5965352936607719246
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:13:26 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 156A 8 KB
1 KB 102ms
31ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 12:04:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 31 Aug 2022 13:14:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Aug 2022 13:14:18 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220822_RC00/ Frame 156A 14 KB
3 KB 87ms
27ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220822_RC00/outstream.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 13:39:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171306
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 10:41:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Aug 2023 13:39:12 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220822_RC00/ Frame 156A 357 KB
123 KB 87ms
29ms Script
text/javascript 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220822_RC00/outstream.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f32dffd9527dbaf143a31a4d853ae7ef258ce4ef6f2de04b9cbe7e838473887

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 13:39:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171306
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126294
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 10:41:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Aug 2023 13:39:12 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 156A 17 KB
7 KB 111ms
41ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:13:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:13:16 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1660573036/images/ Frame 1BD7 2 KB
2 KB 112ms
28ms Image
image/png 199.232.198.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1660573036/images/noavatar92.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.198.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_d=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1358019
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-P3
content-length: 1644
x-amz-cf-id: CbzV0ooRiJWgOzc_bbWzIxsVj1GHx68iE4a3PkTrOjXSSpHhQqNcIA==
expires: Wed, 14 Sep 2022 20:00:38 GMT

GET
DATA 200
OK truncated
/ Frame 1BD7 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 1BD7 13 KB
13 KB 24ms
24ms Image
image/svg+xml 2600:9000:21f3:ca00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.4ceaf0673822a0def820ebdc38d84415.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.4ceaf0673822a0def820ebdc38d84415.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 05:21:30 GMT
via: 1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 3225168
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 22 Jul 2022 12:02:55 GMT
server: nginx
etag: "62da91ef-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Tue, 25 Jul 2023 05:21:30 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: klxlYpcYFW9A-6e2tvg3hMjiOAqbhr-_BYsQP9j8lt0YF2uyfRRDtw==
x-cache-hits: 0

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 1BD7 3 KB
3 KB 24ms
21ms Image
image/gif 2600:9000:21f3:ca00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.4ceaf0673822a0def820ebdc38d84415.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.4ceaf0673822a0def820ebdc38d84415.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sat, 04 Jun 2022 12:47:57 GMT
via: 1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 7604781
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 03 Jun 2022 17:03:15 GMT
server: nginx
etag: "629a3ed3-b9b"
content-type: image/gif
access-control-allow-origin: *
expires: Sun, 04 Jun 2023 12:47:57 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: HpqkPSrs9I7ol0BNK5Zz7jIy2tWvFPdYnM1VbVzomgjN4RAjpgOU0g==
x-cache-hits: 0

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame 1BD7 2 KB
2 KB 25ms
22ms Image
image/png 2600:9000:21f3:ca00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.4ceaf0673822a0def820ebdc38d84415.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.4ceaf0673822a0def820ebdc38d84415.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 15 Jun 2022 02:15:06 GMT
via: 1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 6692352
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 03 Jun 2022 17:03:15 GMT
server: nginx
etag: "629a3ed3-6e3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 15 Jun 2023 02:15:06 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: K8OdtZ6DtMYpvwksvk4byMS4orp1yFLwH3L2nD0j-LLXVaAr3xCxBA==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 1BD7 8 KB
8 KB 26ms
23ms Font
application/octet-stream 2600:9000:21f3:ca00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.4ceaf0673822a0def820ebdc38d84415.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.4ceaf0673822a0def820ebdc38d84415.css
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 22:05:41 GMT
via: 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 7657717
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 03 Jun 2022 17:03:15 GMT
server: nginx
etag: "629a3ed3-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Sat, 03 Jun 2023 22:05:41 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: qFGdPpdglK6hVVqi2vxO8u4NcquMmkWaKUzB3IJP35rrp3vUUPZRdA==
x-cache-hits: 0

GET
H3 200 css
fonts.googleapis.com/ Frame C1BE 4 KB
621 B 78ms
31ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1661951657&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657581&bpp=5&bdt=441&idt=259&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&correlator=1586759193417&frm=20&pv=2&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gfdajWiWZm&p=https%3A//www.threatminer.org&dtd=283

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 12:04:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 31 Aug 2022 13:14:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Aug 2022 13:14:18 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame C1BE 2 KB
902 B 75ms
29ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 393
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:07:45 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/ Frame C1BE 23 KB
9 KB 71ms
24ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 376
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9615
x-xss-protection: 0
server: cafe
etag: 5965352936607719246
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:08:02 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame C1BE 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:09:44 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame C1BE 17 KB
7 KB 72ms
26ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:04:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:04:57 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C1BE 141 KB
44 KB 94ms
41ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44757
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661773661488070"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Aug 2022 13:14:18 GMT

GET
H2 200 e3ca5db921b3b46420ba257a4c2f6b26.js Show response
www.gstatic.com/mysidia/ Frame C1BE 33 KB
13 KB 83ms
27ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3ca5db921b3b46420ba257a4c2f6b26.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 22:40:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 570850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13683
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 19:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 22:40:08 GMT

GET
H2 200 alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js Show response
c.disquscdn.com/next/embed/ 78 KB
27 KB 27ms
22ms Script
application/javascript 2600:9000:21f3:ca00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:ca00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 05:21:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3225168
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26578
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 22 Jul 2022 12:02:54 GMT
server: nginx
etag: "62da91ee-67d2"
content-type: application/javascript; charset=utf-8
via: 1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
expires: Tue, 25 Jul 2023 05:21:30 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA2-C2
timing-allow-origin: *
x-amz-cf-id: zrkehST6mDA1pPoJQo4CUO-TTmSKCRDBTpiAySIHKqTS5hM1czkayg==
x-cache-hits: 0

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 1BD7 43 B
339 B 111ms
109ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&load_time=350&event=init_embed&thread=8262673387&forum=threatminer&forum_id=5993718&imp=1op9m2q3rkinke&thread_slug=4bc695cf6e9f1cd4a4d7dc118edfa9ed_malware_analysis_results_threatminerorg&user_type=anon&referrer=https%3A%2F%2Fwww.threatminer.org%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default&variant=fallthrough&service=dynamic&promoted_enabled=true&max_enabled=true

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&t_d=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=4bc695cf6e9f1cd4a4d7dc118edfa9ed%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:18 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C1BE 0
0 67ms
67ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CqB2aqV4PY6voObW5mLAPwJe-sA3ukeL6aq3p7ZrQDtrZHhABINWzrm1gldqIgpgHoAGro5TaAsgBCakCsDNyxsLJsD6oAwHIA8sEqgTkAU_QE5aYIrGSm3TLUDN3o9nfo2CH8UgsH_00cBMjsOnuURl3Y1U1ijaSr0xQPij3uBQgtXBdIcnVTdaRRUVGur6dZvjNGnMENpFx6PJHQNRIMpjYHOMZpYynoebaZVRRQZgGkSLBWdnE5TIDRUAfJfSs7jBKfFSwxUlvfgNw6NYZekijFKLg00Op5Z3nWsYpwHlGmP3AG5HITM44UwWmWwFBlkm3Pu7UsWM6BLemnfVkhHFCwjN2DtY9WH2LfKdm2NCR_d3APFm_6FtgSLJO7CYoMnT_B6jQgdKledwE3nZXUG0B_8AE7sW-ldMDoAYugAfO9d7CAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEJarC9IIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMD0BUBgBcBshccChoIABIUcHViLTU3MjA3NjMyNzE1MzIzNzcYAA&sigh=mAKQsl-2y8E&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1661951657&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657581&bpp=5&bdt=441&idt=259&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&correlator=1586759193417&frm=20&pv=2&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gfdajWiWZm&p=https%3A//www.threatminer.org&dtd=283
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 31 Aug 2022 13:14:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 3E97 8 KB
893 B 32ms
30ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1661951657&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657586&bpp=2&bdt=446&idt=288&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3lIW2ZhTL0&p=https%3A//www.threatminer.org&dtd=297

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 12:05:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 31 Aug 2022 13:14:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Aug 2022 13:14:18 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 3E97 2 KB
902 B 22ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 393
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:07:45 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/ Frame 3E97 23 KB
9 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 376
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9615
x-xss-protection: 0
server: cafe
etag: 5965352936607719246
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:08:02 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 3E97 3 KB
1 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:09:44 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 3E97 17 KB
7 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:04:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:04:57 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3E97 141 KB
44 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44757
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661773661488070"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Aug 2022 13:14:18 GMT

GET
H2 200 e3ca5db921b3b46420ba257a4c2f6b26.js Show response
www.gstatic.com/mysidia/ Frame 3E97 33 KB
13 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3ca5db921b3b46420ba257a4c2f6b26.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 22:40:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 570850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13683
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 19:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 22:40:08 GMT

GET
H2 200 getads.htm Show response
rt3047.infolinks.com/action/ 2 KB
1 KB 384ms
383ms Script
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3047.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22d_IL_INSEARCH%22%2C%22bdc%22%3A1%2C%22prod_t%22%3A%22d%22%2C%22garc%22%3A0%2C%22sdata%22%3A%22license%22%2C%22scs%22%3A%22UVPATUEIaZ%22%7D%5D&rid=109cd881-78b4-4998-ae96-84fc5506e86b&jsv=1817.005-3.025&sr=1600X1200&rts=1661951658797&cfv=-1&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=105.0.5195.52&dv=p&ce=t&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&tzo=-0000&c=c&strg=true&rsd=Uz8VXgtGmyLVo7gKvyFkxiOCxqigpbZpq5U29z83x9WTJmpsDSKwTyxFcufE7QKuAhE0AfSMw0bcajEBA0Xt0bAI2rFx0AfGx12t7tKw9sgZ5Gacq3uODgcWy4URjfzR4WuAqX29yGoxA34BANQqhYhy2cU6K-_S&rsk=10&rcs=tM2Z_TJAmPykQpUXCAiFMg&hbnr=false
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1817.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6cdaf18f2911427fdfbd4ea68b80211d5087f58fbf3a9f0c9459bb4e0103558

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:19 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NON DSP NID OUR COR"
content-language: de-DE
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 7436074b8e39bb83-FRA
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 0e36d09df9ff74ac9a9a8e304d461f4b.js Show response
www.gstatic.com/mysidia/ Frame A1C8 10 KB
5 KB 52ms
26ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0e36d09df9ff74ac9a9a8e304d461f4b.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657588&bpp=2&bdt=448&idt=300&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=rTcnpMJugi&p=https%3A//www.threatminer.org&dtd=304

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a5dc38cec076d349128944270877cc436cf084bb9ea8130ad55a644c40b35f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 01:33:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 560459
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4500
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 01:10:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 23 Nov 2022 01:33:19 GMT

GET
H2 200 666f8711a2e2427c18d55be59075e64d.js Show response
www.gstatic.com/mysidia/ Frame A1C8 10 KB
4 KB 61ms
35ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/666f8711a2e2427c18d55be59075e64d.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1767e117939b584dcd71619f758af4119ef63c6f8c436a5d97f0a2353d66bb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 02:47:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 556020
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4415
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 01:10:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 23 Nov 2022 02:47:18 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame A1C8 8 KB
893 B 32ms
31ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 12:00:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 31 Aug 2022 13:14:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Aug 2022 13:14:18 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame A1C8 2 KB
902 B 25ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 394
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:07:45 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/ Frame A1C8 23 KB
9 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 376
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9615
x-xss-protection: 0
server: cafe
etag: 5965352936607719246
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:08:02 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame A1C8 3 KB
1 KB 25ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 275
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:09:44 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame A1C8 17 KB
7 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:04:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 561
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:04:57 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A1C8 141 KB
44 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44757
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661773661488070"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Aug 2022 13:14:18 GMT

GET
H3 200 e3ca5db921b3b46420ba257a4c2f6b26.js Show response
www.gstatic.com/mysidia/ Frame A1C8 33 KB
13 KB 72ms
24ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3ca5db921b3b46420ba257a4c2f6b26.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 22:40:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 570851
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13683
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 19:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 22:40:08 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 78F3 143 B
163 B 29ms
21ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657591&bpp=2&bdt=451&idt=314&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2523&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=elDDdbOemD&p=https%3A//www.threatminer.org&dtd=317
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 174
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 13:11:24 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 6162 9 KB
3 KB 26ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 04:52:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30115
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 01 Sep 2022 04:52:23 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 6162 26 KB
10 KB 27ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 04:52:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 01 Sep 2022 04:52:24 GMT

GET
H2 200 tweenmax_1.19.0_643d6911392a3398cb1607993edabfa7_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 6162 109 KB
37 KB 106ms
30ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.19.0_643d6911392a3398cb1607993edabfa7_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36c0ec05d79bd9d3164effc3eca0f1962cd6f82bb1f41cb212e080910be24153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37530
x-xss-protection: 0
last-modified: Tue, 06 Sep 2016 20:51:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 31 Aug 2022 13:14:18 GMT

GET
H3 200 2728354180183721846
tpc.googlesyndication.com/simgad/2503614514097453847/ Frame C1BE 20 KB
20 KB 33ms
30ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2503614514097453847/2728354180183721846?w=400&h=209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a99993a2c81fc1b8c536321195c448f9d9666a5665c5746927b4b8dfc351b25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sun, 28 Aug 2022 15:30:17 GMT
x-content-type-options: nosniff
age: 251041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20230
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 12:57:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 28 Aug 2023 15:30:17 GMT

GET
DATA 200
OK truncated
/ Frame C1BE 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4dd81a8cd53de1ae4155c08769c077252fae843edde3773be4dcaf439fdc94b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3E97 0
0 71ms
68ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CrGA5qV4PY-3pOtuS78EPveCF8ATukeL6aovc7MGlDtrZHhABINWzrm1gldqIgpgHoAGro5TaAsgBCakCsDNyxsLJsD6oAwHIA8sEqgTnAU_QV8zy6TSkwapSiAuFktmInvlTCwidotfiWfrpU8ybazycQxQtA0YYM5Ts8j2Cbdx9HlcY6a6LuHmHm6NJHKordUICGizYWTSm-CAWJh8ojVwB5NIUgcDnOfkwdcHeCTNMPjfOlmsFKiltQI7MXanAPPvxNi3gAWASv8NgKB5cM-0Vs3xhTcd6CBh09Yyy9IiydJQEoW_rkTvYIxWL-YtmkPePDt98kT_9frFfDGTkbBz8KrhZiA3nTcpsfdxeKNrc427YfGaEAnkULdspPkkZtNEk8m3SuQLaa5KhP2SHLsz0InSGTcAE7sW-ldMDoAYugAfO9d7CAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEMC4K9IIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMDiBQD0BUBgBcBshccChoIABIUcHViLTU3MjA3NjMyNzE1MzIzNzcYAA&sigh=Gf0TlB3L9PU&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1661951657&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657586&bpp=2&bdt=446&idt=288&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3lIW2ZhTL0&p=https%3A//www.threatminer.org&dtd=297
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 31 Aug 2022 13:14:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8728300671622179665/ Frame 3E97 7 KB
7 KB 21ms
20ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8728300671622179665/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29e30afd116c44fad14a3833f5a8bca24d57a66a92fc5d3898746b1785e3864f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 09:46:30 GMT
x-content-type-options: nosniff
age: 98868
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7538
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 14:34:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 30 Aug 2023 09:46:30 GMT

GET
DATA 200
OK truncated
/ Frame 3E97 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 3E97 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4dd81a8cd53de1ae4155c08769c077252fae843edde3773be4dcaf439fdc94b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
101 B 112ms
36ms Image
image/gif 2606:4700::6810:a40d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=1&rn=8.7624007439096
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:19 GMT
cf-cache-status: HIT
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
age: 7
etag: "221d8352905f2c38b3cb2bd191d630b0"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=15, must-revalidate
content-length: 43
accept-ranges: bytes
cf-ray: 7436074cab2a9165-FRA
x-amz-request-id: NKB2T52EKXD9JJRC
x-amz-id-2: 78SSfNZ6+Y09fYTBp7XTo6lv0cIGuiyP71zW0jRW2LjbpKUptdL7EdX/67m+Peu1vImiXsky2nk=

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
356 B 110ms
35ms Image
image/gif 2606:4700::6810:a40d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=2&rn=8.7624007439096
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:19 GMT
cf-cache-status: HIT
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
age: 7
etag: "221d8352905f2c38b3cb2bd191d630b0"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=15, must-revalidate
content-length: 43
accept-ranges: bytes
cf-ray: 7436074cab2e9165-FRA
x-amz-request-id: NKB2T52EKXD9JJRC
x-amz-id-2: 78SSfNZ6+Y09fYTBp7XTo6lv0cIGuiyP71zW0jRW2LjbpKUptdL7EdX/67m+Peu1vImiXsky2nk=

GET
DATA 200
OK truncated
/ Frame 5A3D 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6e0e7332cefe3fbb4e030eb0f022a9cae2f56bc7e224f3c2b85117508b8e066e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK runtime-d2ba011899a8bc832546.js Show response
platform.twitter.com/_next/static/chunks/ Frame 85D0 4 KB
3 KB 21ms
20ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/runtime-d2ba011899a8bc832546.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&frame=false&lang=en&maxHeight=500&origin=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&sessionId=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c&showHeader=true&showReplies=false&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6724) /
Resource Hash: 9df8804be7bc833a0f7bda128387f950072b9c844a13747e22ae6cfdcb515b00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:18 GMT
Content-Encoding: gzip
Age: 55069
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 2102
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (frb/6724)
Etag: "9f542b1e6fbe41a0a4865d93098693f4+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK modules.c7def0268c66f6a548ed.js Show response
platform.twitter.com/_next/static/chunks/ Frame 85D0 286 KB
94 KB 45ms
19ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/modules.c7def0268c66f6a548ed.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&frame=false&lang=en&maxHeight=500&origin=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&sessionId=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c&showHeader=true&showReplies=false&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BC) /
Resource Hash: cdc46119f82b8cc0c4fa0ad51203da3154d0aee0e887aaf26a46988e5f359070

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:18 GMT
Content-Encoding: gzip
Age: 55069
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 95749
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:21 GMT
Server: ECS (frb/67BC)
Etag: "51acddf0dbfab928b183f36c1ee67619+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK main-e9db78f5e7b3d83edd5e.js Show response
platform.twitter.com/_next/static/chunks/ Frame 85D0 90 B
653 B 70ms
20ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/main-e9db78f5e7b3d83edd5e.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&frame=false&lang=en&maxHeight=500&origin=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&sessionId=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c&showHeader=true&showReplies=false&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/673A) /
Resource Hash: 80534a6e1ec41d37acec8be383f8d1112dbbeea31dd51ead47463095c13bff3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (frb/673A)
Age: 55070
Etag: "8e33207e7b788da9abde5b6d33da0b00"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 90

GET
H/1.1 200
OK _app-f921177a8618779237dd.js Show response
platform.twitter.com/_next/static/chunks/pages/ Frame 85D0 1 KB
1 KB 82ms
20ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/pages/_app-f921177a8618779237dd.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&frame=false&lang=en&maxHeight=500&origin=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&sessionId=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c&showHeader=true&showReplies=false&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6727) /
Resource Hash: 0b646f6a0117000d7a12cb08668222c21cd3ae0194b31cb4a12a60547171e380

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
Content-Encoding: gzip
Age: 55070
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 668
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (frb/6727)
Etag: "be3e428d416daa9027cecf70b5f26bf9+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK %5BscreenName%5D-18c5091b9b3426f0194f.js Show response
platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/ Frame 85D0 13 KB
2 KB 83ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-18c5091b9b3426f0194f.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&frame=false&lang=en&maxHeight=500&origin=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&sessionId=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c&showHeader=true&showReplies=false&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6712) /
Resource Hash: 32e5acf1b97e30e8721e8a3ee93bac752bc702eafd176b57074ea17f07063585

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
Content-Encoding: gzip
Age: 55070
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
Content-Length: 1228
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (frb/6712)
Etag: "894f10ff8654944198f92198524998a4+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK _buildManifest.js Show response
platform.twitter.com/_next/static/zCh8LVg1_TSeSe2HMSR25/ Frame 85D0 1 KB
1010 B 20ms
19ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/zCh8LVg1_TSeSe2HMSR25/_buildManifest.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&frame=false&lang=en&maxHeight=500&origin=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&sessionId=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c&showHeader=true&showReplies=false&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6725) /
Resource Hash: 6796ccb15426d91d3311ea27d429c2d35605243125f7e30fb554271b393a9c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
Content-Encoding: gzip
Age: 55070
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 416
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (frb/6725)
Etag: "ac61950c88e23d04701a0e7b53c34aff+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK _ssgManifest.js Show response
platform.twitter.com/_next/static/zCh8LVg1_TSeSe2HMSR25/ Frame 85D0 76 B
639 B 22ms
22ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/zCh8LVg1_TSeSe2HMSR25/_ssgManifest.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&frame=false&lang=en&maxHeight=500&origin=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&sessionId=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c&showHeader=true&showReplies=false&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674D) /
Resource Hash: 653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (frb/674D)
Age: 55070
Etag: "abee47769bf307639ace4945f9cfd4ff"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 76

GET
DATA 200
OK truncated
/ Frame C1BE 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae79a25d5946ffd53f83880ae13a44a7b235c82f3cacb8b3486c5358f8839c73

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 csi
csi.gstatic.com/ Frame 156A 0
327 B 108ms
43ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~l7hn3v7j&c=7117984497273&slotId=3558992248636.5&qqid=CPWk1rGU8fkCFW3n4wcdmsMPzw&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220822_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:19 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 156A 15 KB
16 KB 74ms
21ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sun, 28 Aug 2022 05:29:41 GMT
x-content-type-options: nosniff
age: 287078
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 28 Aug 2023 05:29:41 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 156A 15 KB
15 KB 74ms
26ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 537148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 25 Aug 2023 08:01:51 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 156A 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CLvEtql4PY_Un7c6P7w-ah7_4DKaQsPBrjd6zmqAQ8a_q4qIyEAEg1bOubWCV2oiCmAegAYK9m8QoyAEFqQI1dxVD44NtPqgDAcgDmwSqBKoCT9BW8BsoYnhn4pG2Ma153J7HQwOQxKge9-3DNvEO1WFDUr33ek2AFTFp4359JYoNQ60jVolLIQ8lTK02S9Ydc9DLsW9uZTQ0_VF1GXdKLFBP2rVQO7USXNIrBL5IhBJOSJFO98Lhqy0lxOHtP8vT1ppfTucktcZAkjSaz3FR4glQ84tzEA067kzklLALUpdEs0eI1Ys373lpNhG9a1ucznB5KyAf3UcXRPZFkGUK6Ppfxp4NLzx1Y4CJkhTEv09TLnh2NH7o1dCC9QWWGh1S8RhYl_xMgnHdzAkkZ8hGKyjzH9byxMxgt2yPMdIb7rqltHgpQYSEQxIaBRue0vnVdsDED571mJszmkxDQ-Vt_JIZe9QG4VztjWAc9XgiY7gGoTSdPy5DFkemSsAEg_Cp2JUE4AQDkAYBoAZ2gAeC9eujA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAeALAYAMAbAT_5KZEMgThpiC4QPYEwqIFALYFAHQFQH4FgGAFwE&eventType=clickstring&clientTime=1661951659000&ai=CLvEtql4PY_Un7c6P7w-ah7_4DKaQsPBrjd6zmqAQ8a_q4qIyEAEg1bOubWCV2oiCmAegAYK9m8QoyAEFqQI1dxVD44NtPqgDAcgDmwSqBKoCT9BW8BsoYnhn4pG2Ma153J7HQwOQxKge9-3DNvEO1WFDUr33ek2AFTFp4359JYoNQ60jVolLIQ8lTK02S9Ydc9DLsW9uZTQ0_VF1GXdKLFBP2rVQO7USXNIrBL5IhBJOSJFO98Lhqy0lxOHtP8vT1ppfTucktcZAkjSaz3FR4glQ84tzEA067kzklLALUpdEs0eI1Ys373lpNhG9a1ucznB5KyAf3UcXRPZFkGUK6Ppfxp4NLzx1Y4CJkhTEv09TLnh2NH7o1dCC9QWWGh1S8RhYl_xMgnHdzAkkZ8hGKyjzH9byxMxgt2yPMdIb7rqltHgpQYSEQxIaBRue0vnVdsDED571mJszmkxDQ-Vt_JIZe9QG4VztjWAc9XgiY7gGoTSdPy5DFkemSsAEg_Cp2JUE4AQDkAYBoAZ2gAeC9eujA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAeALAYAMAbAT_5KZEMgThpiC4QPYEwqIFALYFAHQFQH4FgGAFwE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 156A 28 KB
16 KB 172ms
71ms XHR
text/xml 74.125.71.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DYB_VDUJ0Joby-DV4db2hfhkbPaLGGSa294z6qCvzfZn8yG9tri0bmbRV_lJ7P5AUlj54WDSPdLgr4m78UZBoPVJMDlg&cry=1&dbm_d=AKAmf-DQdImYx3qB14uWxzwU2f6flgB2AJYLM8sao9Tuyp8kqpDMmhrszarzzciFkuqbiKlFQjI9Gs-zq390xfbTykp5MZvgji2hiyGPCb_dwbE7ZRZLehKaoH2XWbuWzspaEvZc0Rhj1NuoJT7jmTdiw_gF2WKbM2BF_-wC9M-PsYTKginurkebUs7vsoMjGAP4kWpEhhye8Z3n0z5Sckox2OI1QvGRhjPmvvrZM2spdTnDid4RmJFpYdJ2pM8E6SGilrkV6pEyF99i8JXKNdGW10IMv-ZP2VRCkRZXZAFSonJOw8GdwMYxhcTQM7fM0MwPFx2m5p8EetyTPf_J_3Wh4eoEWL6b4Dr4Xck1H1Taxw7e3BOd0vUJssgd-w-Wczw9ZlGMkWgE0KTeGBsybnH6kCL2hkU8gAOkWAit6xd06dIlgAEyr3ROMgY5MDNahwb104x6aAeZaxH9wLiDgrrVQdSsZ8QeHtEKqPqDNmocoM5-08nsof46Kfap62of5PIFJ3hZEgWe3cMY90o3z1eyQMtwBhK-5wkp-qTVjDTPVXDZuI6OxOx8XR-KP5R3tsMH5vSwZ5LGjA4aRDzWERTK0kueQCJFA1n96Mp14znQN-WekWR0ZrTXnQ46xaIgmpK4UUYcmDqQPd6HFjkj4k80vJPEORI4OVHj5ha8miPcBZDEsj-ViL32XW18fibjWadVQSdXRLzOC5nh6U0gU9hnzYDAvdPZ3dpubZ1egVq0BJM-wbb-A1do1ptGdRFTQXHZ7A_i0ZCGikRn9bamdEN3tAcJHn_jQyom_xdxmJDC1r8n5RCU75TgkHt4ZjkYwV8KcWSWQlhcfFsXPOkXDakBBq-LDP3VvmKbAaOsDY8oi_1h-gpeet2_HvbiWV_9R97IEwV8Eyo3YoErtD6VPK4Yf6ZEkbOPGUPnG-a0MK5x7QutRUtYNRYWSleZ6JdV6ImfYi8Q3O7cy3YjkeknMv3wDzbhCejn2GOJwwaUi8EKnnckecIIloRrJoG-pNftG1pbKM25EfV_tmLw_LTyfqN2d0i5HOoov0oJJ6ovnCok4bvq-DrdTiwVtU7cSGjb5JaiOc2-SYg04o-wAWvSWn4AUxF12sI5ETK18v-esFMdIhzpf7IowEDFDxaHp8-O5iC_Fb1sOLQyX-cgCgdHXtFoblDsXR7_Tov_uT1Q-NImw4f3-d84C8x_gOblhD_OC1pu-xlKsYd8q3ifaR1b8TSsdVpcbz2XFPp3BCpNJwy52RPwK6gjT8QGwGEUygPGiUwezVP7eWEG1TJBJO4iA8cXMBDeR_AILrCA7nLTcQNSzqfc-TWYjGgvjALOvEZ-TO5UPOaUVeaY4WMjmArAo8xgOHFcnFcpNXmhbvhRFTJgf_KLg119d4IvhwlfmXF7gMBJF9L1GwD__cgMtJhpq4Wr9Bua7TUPsDSdb-_hRf6NFann9T4I3NoZJB4tB8ZxzjKlvDcXgXEvNblGYxi6kMzUH6h14O053gnJUsrr8D3LJ8obP9ZQU3jc5io87s8HC2LSRVtZr6_Bblrt_tUbKFWmXQO9qHLMUp1AgasN9IFktpLGjwXrbHf6oPrBA7EdILT3F4g7HRl9d_K3A9SzuJfUfrUn1cv_-HAStWBjbVvp1aCENBmptGcPdTZYqPAIXzX0OY4TgGtnZwA-913FBoDPF_zul9EDTe1-nkkLruz7-xYGFhhiyawG_5Bmy_PxyyriHm-ACox7s7_kgXkaFKw6dR2cjRlA0ImcLorpwlJCHF4VQMgu5asCF3nT4PkmWXtMmHKAS3Ew1mBMd3MQY6NjFOVif-lnP2H6WnNESnk3IDkdqzItDBQ-963wIs-ooH2CzuozhYbAAV4ZTRTImBlpQoFhaenzwHxCPMsSv2AQdAHwmD6bGolJB8E2bEu626kVpCHaRznaxd9ZZ3wrKvHm1ctDgsXIbL0A5eVmsJb5_VSeOhBtvv6fPjPmg0Bu4sU0uYm08AC5fv97tMbAea5NaUZgRwcY61ZHohRHajpgXvqKa0tLpQBOxWCl7m4fmzlIysrKAAXz7tE6S22ubeCq_u0Ur5Aj1WsfYtRcbsXShPU2RBp6nPMmYx5U8zNqYwKiPqAfVPZ5VdxwByIr5SHucPgzq4QM8zcGaw_iwg5xJTTB5JuQ9FQNxjNuSz3cz0ysRwSQZN9bzTyzzyKi4hfzdp_JsfA19EPFNi5iZoOw8pVT7ROgm8_p2qjthv6M59A6f38J8ayIdgYugNMZm68OGRHgA8e_Iv0EM7YHLmINg5Y-LT_zSwiavZIZ1yFwr0QfvbvJKdS3sw_6ZiaYc9tbflf3VTNjl5Ij7d_OMlxx3PXKJtD3vbvQw2_q2nl8V40EM5yDix-LkP5zr2Aq4KOwvNYpnqulZD2nRcfsjjN3PAi7MIq51STjbvZPe8x74xbRnbrlUmRE2GfBfJF5wHxzwnhjJTMwgzZRUBU7NFjimdy2uDaEHhQt_f0sCftuiTPb0EUTO9v2znO3kooAcML5UYdCTSMDXL89QY0KXK8_y_9gvDh0wu4p3T3K67e80GYKKvjk3GqD-21gKbaSnjcF9znpfuDwyBAIfbUBjSW6Qg5EJN4NXXMjVUPgJc0mxuYl1xVqOvPmkBavnrjqEIDVSkLpmgozvIbnQ-7Jmx1-9sUB49qdEijkhJj2-zA597lIBQNFHnGdPBQQNqe2zoZON9xwKMVI96ScAIMpWZ97hVmvlHclmgSL1CaWpfkv-PnYNnMdi89fUv9Uemx6idbBgJkRjoqbi36uxDrbLJRbis8gyWcidT1n57gg2m6rVKNrpsSql1RzbugOAlQTaBcbnN50MlIpz2pYiVsbFU6nFYLoOo-chFG7yoQtGNkta_1NfvIrShUaxsL91iLiU0Z5e-52mrud5yNGbdlfZ-MqsLBoHoPWRVtMJhlKsOMrdoM4FGFzKjkV8uZBaCQY27CXh0bfGdTaINNGUv2vA_XqbA5E0Arw5H90C3tilJNtXb1r5nxnfsabZ_dDUPntTfONM8RPwlN4JsSMLXon1n7fYS2Ci1iJFYq-IYRvNz-Hv82nYeE27fxJW8MikktXVlnRSJ0OVo-eAZP551gf7kTqrEdrWEZfJ4vhKTmq97gNcWoMfz0p1FyunlZKRijd_kM3zyNM5VVdFL-A2iMnurKtcjE_25Ene1BK56EE7ngdFOIiccHQJCqSWtZ9fMuVHQhti2ZaYKcSUiEvCgsVa9OdcdGKcDl8dnlF9TP44Zo9nUrAnWi3E36DYOdFVJdqE1rw1EyIb8sjdyVNg38WJ4q7BLjNtz6CH6zqVHrwWWkzt2iCFfmcweB2zdGTLduajGgdFFdygFE_Qv7y_GfnT1zys8R8GlvBB9Od5ZMaydXoTRE5IzrsJd8Tn92O1cdOCxqD5lD67e2gUqKzb6XmjtBOnI3DDHj9kpxMgeTfD1oU7MNwijLCJY-1bayliVegMJocRCaeo0fMmkZzbDr70PmGIK5Zu6_m_pCuI7Y2lorGyrJ3qCLKnaXMKwz9xVAgrwchMpCBWFlxqEkToCnv9LgC8Wi2FS6Y8_6tx_ziCKgh7D7_zxDPm3uk&cid=CAASBORoy9Y&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220822_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.71.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wn-in-f154.1e100.net

Software

cafe /

Resource Hash

bd395465ac15978c67b0e9dfc8787ee3c2550b0b2bff5b5944fae483c225ff77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15818
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 156A 0
0 61ms
60ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Crqx3ql4PY_Un7c6P7w-ah7_4DKaQsPBrjd6zmqAQ8a_q4qIyEAEg1bOubWCV2oiCmAegAYK9m8QoyAEFqQI1dxVD44NtPqgDAaoEpwJP0FbwGyhieGfikbYxrXncnsdDA5DEqB737cM28Q7VYUNSvfd6TYAVMWnjfn0lig1DrSNWiUshDyVMrTZL1h1z0Muxb25lNDT9UXUZd0osUE_atVA7tRJc0isEvkiEEk5IkU73wuGrLSXE4e0_y9PWml9O5yS1xkCSNJrPcVHiCVDzi3MQDTruTOSUsAtSl0SzR4jVizfveWk2Eb1rW5zOcHkrIB_dRxdE9kWQZQro-l_Gng0vPHVjgImSFMS_T1MueHY0fujV0IL1BZYaHVLxGFiX_EyCcd3MCSRnyEYrKPMf1vLEzGC3NI7ThRCUZ5QmzuOj-2OhLpyuZiZ582mCynjTwtSSTTqzVLTYVhBEG5NT-h5hxAGH3Mp_UA57DPlbS3pd_uydwASD8KnYlQTgBAOIBZO-2LJDkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAZ2gAeC9eujA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcJENotGJfQ1c4B0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwGwE_-SmRDIE4aYguED2BMKiBQC2BQB0BUBgBcBshccChoIABIUcHViLTU3MjA3NjMyNzE1MzIzNzcYAA&sigh=v_nkghyM3Gc&uach_m=[UACH]&cid=CAQSGwCsnQUxaI3s96Fs-Hjn_Quvv-mdlygulA3M4Q&vt=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1661951657&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657595&bpp=2&bdt=455&idt=323&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=4318&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=pguM8gqM7h&p=https%3A//www.threatminer.org&dtd=329
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 31 Aug 2022 13:14:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C1BE 16 KB
16 KB 76ms
50ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 20:10:25 GMT
x-content-type-options: nosniff
age: 579834
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Aug 2023 20:10:25 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C1BE 15 KB
15 KB 67ms
43ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 537148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 25 Aug 2023 08:01:51 GMT

GET
DATA 200
OK truncated
/ Frame 156A 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6d8f1eb914be17db9daf198741bc79007179f85c77f8773b982d84f3f206d87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame A1C8 0
0 64ms
64ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CbJ-PqV4PY9bgOoiT78EPorGAwAXukeL6apDd2tecDtrZHhABINWzrm1gldqIgpgHoAGro5TaAsgBAakCsDNyxsLJsD6oAwHIA8sEqgToAU_QguwzGvhUoKDtV9-rXz-bg_6lCT13AVGB5kjO66LBRb7SqZxN6Dwhcl4moBcYipaasIMKWypadoMNtDNUWR0-Bq7S5S8-lvVEyEnhVUcMCrVA4Zlmd47x5W3vhhKO8Pam_68maUQwUHQLYyWo-7AZWVmlajgUE_ePCI42QgjX59Je3OViFfNv9AZoQww3RdZVz2hit5gWsVZgo_cJrTuP5PXOdbrpY_HXn3Vre2myXMRr76y2dfDzBf52FHscNhiXo0Yf_62-MnvNgkCNxRnqMr9hpgyOarly1nw-rPGr3CCkFK2x_8HABJbGvpXTA4AHzvXewgGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDDxwfSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTA4gUA9AVAYAXAbIXHAoaCAASFHB1Yi01NzIwNzYzMjcxNTMyMzc3GAA&sigh=JWb4Ya4rg2M&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657588&bpp=2&bdt=448&idt=300&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=rTcnpMJugi&p=https%3A//www.threatminer.org&dtd=304
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 31 Aug 2022 13:14:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 617128392d656a001145bb00.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/ Frame 6162 59 KB
59 KB 23ms
23ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/617128392d656a001145bb00.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f517d1ac417e75a3d8818ae63ffe2187e0b3939bfd9f04181fb1267cac69431

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 515999
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60254
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 13:21:41 GMT
server: sffe
date: Thu, 25 Aug 2022 13:54:20 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 25 Aug 2023 13:54:20 GMT

GET
H3 200 617128392d656a001145bafc.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/ Frame 6162 2 KB
932 B 28ms
27ms Image
image/svg+xml 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/617128392d656a001145bafc.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3120614819b26a2eb6d80b72a5a31bd143499bb9653db71941b6e6a463260eab

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 417355
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 900
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 13:21:41 GMT
server: sffe
date: Fri, 26 Aug 2022 17:18:24 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 26 Aug 2023 17:18:24 GMT

GET
H3 200 61712ac02d656a001145bbb4.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/ Frame 6162 116 KB
116 KB 29ms
28ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/61712ac02d656a001145bbb4.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3028943097652992417/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c27eb38979eee78869d19b69550daca7dbfd23c480de81234044c0bb061bd6b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 585252
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118894
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 13:21:41 GMT
server: sffe
date: Wed, 24 Aug 2022 18:40:07 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 18:40:07 GMT

GET
DATA 200
OK truncated
/ Frame 6162 5 KB
5 KB Font
font/truetype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0224a11bcc4a7bb6bba5eb4160eeb1de3eadf4c9e9a36d92686aabba1a7c110f

Request headers

Referer
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: font/truetype;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 3E97 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13cb584d2a659e438d0f2927607e03b70402180e7f4df9ce7de3c0d1cdb19ca9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F664 143 B
163 B 22ms
21ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1661951657&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661951657588&bpp=2&bdt=448&idt=300&shv=r20220829&mjsv=m202208250101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1586759193417&frm=20&pv=1&ga_vid=1684267297.1661951657&ga_sid=1661951658&ga_hid=1463385701&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44770881&oid=2&pvsid=2067061859819734&tmod=1315424044&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=rTcnpMJugi&p=https%3A//www.threatminer.org&dtd=304
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 175
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 13:11:24 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame A1C8 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd50ebd05c794c55ae75b0253f21026e2f94be7d3afff4b803e7f2418732b3fc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 78F3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
18 B

42ms
42ms

Document
text/html

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:19 GMT
expires: Wed, 31 Aug 2022 13:14:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:19 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 3E97 28 KB
28 KB 67ms
23ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 08:44:44 GMT
x-content-type-options: nosniff
age: 16175
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:44:44 GMT

GET
H3 200 kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 26F7 36 KB
15 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

920383b782d3df0447a5f65ff9c095ead1caf82129674a6124a8978dc7bd316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 12:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4074
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15816
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 12:06:25 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 156A 41 KB
15 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220822_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 08:18:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104140
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 08:18:39 GMT

HEAD
H/1.1

200
OK

file.mp4
r3---sn-4g5lznez.c.2mdn.net/videoplayback/id/7a19311de55a1d60/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1693487659/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 156A
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/7a19311de55a1d60/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1693487659/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
https://r3---sn-4g5lznez.c.2mdn.net/videoplayback/id/7a19311de55a1d60/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1693487659/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

122ms
22ms

Fetch
video/mp4

2a00:1450:4001:11::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-4g5lznez.c.2mdn.net/videoplayback/id/7a19311de55a1d60/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1693487659/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/08E80288A8C2ED6FE41FBF7673BD51BE1CB65B5F.10A1A963B2E26D6112EA1A93D73CA8B99E466141/key/cms1/cms_redirect/yes/mh/3l/mip/2001:1b60:2:240:3247::10/mm/42/mn/sn-4g5lznez/ms/onc/mt/1661950229/mv/u/mvi/3/pl/29/file/file.mp4

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

HTTP/1.1

Server

2a00:1450:4001:11::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 6389289
Last-Modified: Tue, 05 Jul 2022 12:12:01 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Wed, 31 Aug 2022 13:14:19 GMT

Redirect headers

date: Wed, 31 Aug 2022 13:14:19 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 654
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
location: https://r3---sn-4g5lznez.c.2mdn.net/videoplayback/id/7a19311de55a1d60/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1693487659/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/08E80288A8C2ED6FE41FBF7673BD51BE1CB65B5F.10A1A963B2E26D6112EA1A93D73CA8B99E466141/key/cms1/cms_redirect/yes/mh/3l/mip/2001:1b60:2:240:3247::10/mm/42/mn/sn-4g5lznez/ms/onc/mt/1661950229/mv/u/mvi/3/pl/29/file/file.mp4
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 2.691622e4391d1973cb65.js Show response
platform.twitter.com/_next/static/chunks/ Frame 85D0 23 KB
8 KB 53ms
48ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/2.691622e4391d1973cb65.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-d2ba011899a8bc832546.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669E) /
Resource Hash: 2adcd0a627dee2ac4ab782a00745d7678e374dc4625ddf673a88121977d77c67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
Content-Encoding: gzip
Age: 55070
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 7674
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (frb/669E)
Etag: "942b5b928a24465d1906b4716131d896+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 13.09c590cd998fa2397151.js Show response
platform.twitter.com/_next/static/chunks/ Frame 85D0 37 KB
12 KB 52ms
48ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/13.09c590cd998fa2397151.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-d2ba011899a8bc832546.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D3) /
Resource Hash: 051bd41696a497c7891aaa6a93dce72c29739554d4e62fb90105b763be65af0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
Content-Encoding: gzip
Age: 55070
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 11940
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (frb/67D3)
Etag: "76694dab102afd5143c360f0ebd05d2f+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/ 149 KB
53 KB 89ms
88ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208250101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d3049aa7cdfb91844f8eebee3a12ef3b26b99ff7ad34026cf0e66431808ac30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54512
x-xss-protection: 0
server: cafe
etag: 6600079751191921638
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 31 Aug 2022 13:14:19 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame A1C8 28 KB
28 KB 40ms
21ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 08:44:44 GMT
x-content-type-options: nosniff
age: 16175
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:44:44 GMT

GET
H2 200 adview.htm
rt3047.infolinks.com/action/ 0
136 B 254ms
253ms Image
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rt3047.infolinks.com/action/adview.htm?rid=109cd881-78b4-4998-ae96-84fc5506e86b&bdc=1&midx=0&emd=NDg0fnd3dy5jb25zZWpvc3l0cnVjb3MuY28&rts=1661951659400&prod_t=d&jsv=1817.005-3.025&skin=sidebar&theme=lightBlue&sdata=license&scs=UVPATUEIaZ&rsd=Uz8VXgtGmyLVo7gKvyFkxiOCxqigpbZpq5U29z83x9WTJmpsDSKwTyxFcufE7QKuAhE0AfSMw0bcajEBA0Xt0bAI2rFx0AfGx12t7tKw9sgZ5Gacq3uODgcWy4URjfzR4WuAqX29yGoxA34BANQqhYhy2cU6K-_S&rsk=10&rcs=tM2Z_TJAmPykQpUXCAiFMg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:19 GMT
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 7436074f6cd8bb83-FRA
content-length: 0
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK /
b1t-nydc1.zemanta.com/t/imp/impression/6T3VJUEJWAPNR3RJX556Z7HMOX3LEIPNXAHHETN4YDR7MZ4LH3MJYA62M2Q2GR3CFE7QZDSZ5T275LWVUDUXOZ7O7V3H4C2OQRUZABESZZERY2PLSI5WPSIVZWGVYMJLFP2GXHJPE6JI3DX2NI4AHLLXLZNA7W... 26 B
127 B 443ms
101ms Image
image/gif 70.42.32.191
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b1t-nydc1.zemanta.com/t/imp/impression/6T3VJUEJWAPNR3RJX556Z7HMOX3LEIPNXAHHETN4YDR7MZ4LH3MJYA62M2Q2GR3CFE7QZDSZ5T275LWVUDUXOZ7O7V3H4C2OQRUZABESZZERY2PLSI5WPSIVZWGVYMJLFP2GXHJPE6JI3DX2NI4AHLLXLZNA7W7WOTOI7F5ZYKUEH4KZQWOZNGMGDUSF4WUM4KJN7WIHOUZFQGSQX6MZWQGIWWBNLLNKKJXL7X7B63VT3STGP7CUVTFJKDPB4FS43ZAVJWUCAEGRIFRYM7K2PNGFVOR7AFGNZE3ZHH7ZH4Y3CA2PEZAAUUSYG66VEQN7VG7UZZUZZZ74V66WPNGJE6GFTMWIPPEXRVANBTQ2XVGLFJDUNH2Q/?
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.191 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
Content-Length: 26
Content-Type: image/gif

GET
H2 200 020a3d21e66d0be4fd74178d8e99357402.jpg
zem.outbrainimg.com/p/srv/sha/5e/e6/82/ 6 KB
7 KB 92ms
21ms Image
image/jpeg 151.101.114.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zem.outbrainimg.com/p/srv/sha/5e/e6/82/020a3d21e66d0be4fd74178d8e99357402.jpg?w=90&h=70&fit=crop&crop=center&fm=jpg

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.114.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

7bc18b5718942a0be257c8e21bf09551dc3042b91a222f21f382b98242c0a99f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:19 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 2717892
x-cache: HIT, MISS, HIT
x-imgix-id: 3261f1a479513e32fc5bfd40f465462a6c54d5ba
content-length: 6524
x-served-by: cache-sjc10042-SJC, cache-hhn4020-HHN, cache-hhn4081-HHN
last-modified: Sun, 31 Jul 2022 02:16:07 GMT
server: imgix
x-timer: S1661951660.500379,VS0,VE0
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
x-cache-hits: 2

GET
H3 200 kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 1CC9 36 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

920383b782d3df0447a5f65ff9c095ead1caf82129674a6124a8978dc7bd316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 12:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4074
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15816
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 12:06:25 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f42b6c9dab0b73174621c0daba5d82d4f2d841fed05a3784952e660b13fb78b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK ping Show response
links.services.disqus.com/api/ 317 B
754 B 120ms
70ms XHR
text/javascript 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/ping
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 31476f477af5411a2350f9cc0824eaf7dab774e9f28665c65be42ddd19932379

Request headers

Referer: https://www.threatminer.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 13:14:19 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.threatminer.org
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 317
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 6162 36 KB
15 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

920383b782d3df0447a5f65ff9c095ead1caf82129674a6124a8978dc7bd316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 12:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4074
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15816
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 12:06:25 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 120C 23 KB
9 KB 20ms
20ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 88141
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8727
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 30 Aug 2022 12:45:18 GMT
expires: Wed, 30 Aug 2023 12:45:18 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F664
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

41ms
40ms

Document
text/html

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:19 GMT
expires: Wed, 31 Aug 2022 13:14:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:19 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK 0.8f205dbb7b06b224e307.js Show response
platform.twitter.com/_next/static/chunks/ Frame 85D0 595 KB
183 KB 26ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/0.8f205dbb7b06b224e307.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-d2ba011899a8bc832546.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: dfde5485c4fc9e9acca625d86fbeb240c9bd3ab78a395721aae49aa97b091c93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
Content-Encoding: gzip
Age: 55070
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 186671
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:22 GMT
Server: ECS (frb/6763)
Etag: "11f6449263029b9f59f18afa52cc99ed+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 1.5e254e44cdee3fa37dc8.js Show response
platform.twitter.com/_next/static/chunks/ Frame 85D0 1 MB
289 KB 24ms
19ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/1.5e254e44cdee3fa37dc8.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-d2ba011899a8bc832546.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6731) /
Resource Hash: 61723fe95f866398ae8490661ffb77e0fcd3d5eb598eeebb1ed5e593049487e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
Content-Encoding: gzip
Age: 55070
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 295182
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (frb/6731)
Etag: "8ed3dcb9e2dee09ff8ca7e94a8527825+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 4.5238eaaf6e1b92b24f7e.js Show response
platform.twitter.com/_next/static/chunks/ Frame 85D0 2 KB
2 KB 26ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/4.5238eaaf6e1b92b24f7e.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-d2ba011899a8bc832546.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D3) /
Resource Hash: 7f9ae5335d4db51a427fcbd9d291958b98ac28713fa8b6dc8de328d9298a8735

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
Content-Encoding: gzip
Age: 55070
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 1220
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (frb/67D3)
Etag: "5686b744ee1b68496ce70aace8e12820+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H3 200 kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 410E 36 KB
15 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

920383b782d3df0447a5f65ff9c095ead1caf82129674a6124a8978dc7bd316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 12:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4074
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15816
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 12:06:25 GMT

GET
H3 206 file.mp4
r3---sn-4g5lznez.c.2mdn.net/videoplayback/id/7a19311de55a1d60/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1693487659/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 156A 781 KB
0 46ms
21ms Media
video/mp4 2a00:1450:4001:11::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:11::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 31 Aug 2022 13:14:19 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-6389288/6389289
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 6389289
expires: Wed, 31 Aug 2022 13:14:19 GMT
last-modified: Tue, 05 Jul 2022 12:12:01 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H/1.1 200
OK sync.gif
links.services.disqus.com/api/ 43 B
375 B 64ms
61ms Image
image/gif 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 13:14:19 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 216ms
29ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.threatminer.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Aug 2022 13:14:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 72ms
29ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.threatminer.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Aug 2022 13:14:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/ Frame E7FD 10 KB
4 KB 26ms
21ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 49183
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 30 Aug 2022 23:34:36 GMT
etag: 8616628553774171045
expires: Tue, 13 Sep 2022 23:34:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/ Frame 1BF2 10 KB
4 KB 26ms
22ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 49183
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 30 Aug 2022 23:34:36 GMT
etag: 8616628553774171045
expires: Tue, 13 Sep 2022 23:34:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK domains Show response
links.services.disqus.com/api/ 58 B
494 B 67ms
67ms XHR
text/javascript 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/domains
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: d8b28269b52356b04e9b50f17369eb1abbb37635ec2171964568829a49015a6f

Request headers

Referer: https://www.threatminer.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 13:14:19 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.threatminer.org
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 58
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 woHX-vsUocJZKT3Xlr8m3oSeq6S0iuLiA_v8-B2MNhs.js Show response
pagead2.googlesyndication.com/bg/ Frame 120C 36 KB
15 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/woHX-vsUocJZKT3Xlr8m3oSeq6S0iuLiA_v8-B2MNhs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c281d7fafb14a1c259293dd796bf26de849eaba4b48ae2e203fbfcf81d8c361b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 19:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64758
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15802
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Aug 2023 19:15:01 GMT

GET
H/1.1 200
OK ondemand.Dropdown.439f5863d42d2c4e587d.js Show response
platform.twitter.com/_next/static/chunks/ Frame 85D0 6 KB
3 KB 21ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/ondemand.Dropdown.439f5863d42d2c4e587d.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-d2ba011899a8bc832546.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669F) /
Resource Hash: edb75c328dc364054a6afb3d5fecddde3c6298d89b15c96f9b77858a93d5df4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:19 GMT
Content-Encoding: gzip
Age: 55070
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 2595
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (frb/669F)
Etag: "ecb940ef53fa7c0bf625b22f9af2b345+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK vendors~ondemand.LottieWeb.84a69543ec64b75cae2a.js Show response
platform.twitter.com/_next/static/chunks/ Frame 85D0 148 KB
42 KB 22ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/vendors~ondemand.LottieWeb.84a69543ec64b75cae2a.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-d2ba011899a8bc832546.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BC) /
Resource Hash: 222fa391f26a0b6f4b5d8459ada308e078e6d2e69707766e247692a6f45676c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:20 GMT
Content-Encoding: gzip
Age: 55071
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 41941
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:21 GMT
Server: ECS (frb/67BC)
Etag: "72929dff5e574c1b877555fd36c7683a+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H2 200 like.3.json Show response
abs.twimg.com/sticky/animations/ Frame 85D0 19 KB
2 KB 96ms
21ms Fetch
application/json 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://abs.twimg.com/sticky/animations/like.3.json

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/1.5e254e44cdee3fa37dc8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frd/E2B0) /

Resource Hash

7d2cdcfb9a06ae6226f06b3cb14c4a53fa0f94ec5048dfb469d6834f6fb4e124

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2767909
x-ton-expected-size: 19835
x-cache: HIT
vary: Accept-Encoding
content-length: 1627
x-response-time: 9
surrogate-key: twitter-assets
last-modified: Tue, 15 Feb 2022 21:43:54 GMT
server: ECAcc (frd/E2B0)
etag: "b9munHAdxNyPtNl2GaO2bw=="
strict-transport-security: max-age=631138519
content-type: application/json
access-control-allow-origin: *
x-connection-hash: b2416fb8c94532ef46b2069f2a8d4ab6aa32507f9132cb6f6efe61940801c5b3
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Thu, 31 Aug 2023 13:14:20 GMT

GET
H2 200 1f448.svg
abs-0.twimg.com/emoji/v2/svg/ Frame 85D0 571 B
514 B 90ms
21ms Image
image/svg+xml 104.244.43.131
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs-0.twimg.com/emoji/v2/svg/1f448.svg

Requested by

Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&frame=false&lang=en&maxHeight=500&origin=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&sessionId=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c&showHeader=true&showReplies=false&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.43.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4a1b6dc2f5a2d982076bb9749027da81c6c24bad4d6ee899e0aabd627031cb44

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 373
etag: "HjttJ7+yHwTcngDHvJZcVQ=="
x-served-by: cache-fty21356-FTY, cache-hhn4032-HHN
last-modified: Wed, 21 Feb 2018 22:30:55 GMT
date: Wed, 31 Aug 2022 13:14:20 GMT
vary: Accept-Encoding
x-tw-cdn: FT
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Wed, 08 Jun 2022 10:40:50 GMT

GET
H2 200 1f602.svg
abs-0.twimg.com/emoji/v2/svg/ Frame 85D0 2 KB
1 KB 90ms
20ms Image
image/svg+xml 104.244.43.131
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs-0.twimg.com/emoji/v2/svg/1f602.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.43.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1752c287f6fbbb65e1c982399584bbc9b1e0c46f0dc181cda9b8028dc60c4c01

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 770
etag: "YgFQPzqpGEcKIZCzbR4Zbw=="
x-served-by: cache-fty21323-FTY, cache-hhn4032-HHN
last-modified: Wed, 21 Feb 2018 22:31:08 GMT
date: Wed, 31 Aug 2022 13:14:20 GMT
vary: Accept-Encoding
x-tw-cdn: FT
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Fri, 17 Mar 2023 06:55:51 GMT

GET
H2 200 1f918.svg
abs-0.twimg.com/emoji/v2/svg/ Frame 85D0 1 KB
751 B 90ms
21ms Image
image/svg+xml 104.244.43.131
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs-0.twimg.com/emoji/v2/svg/1f918.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.43.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7747173ae0867afea05aba24e5cdeccb30d438445577780791b4cb3348436f8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 611
etag: "TMY5iYc1Ub6SGPghkybrYg=="
x-served-by: cache-fty21351-FTY, cache-hhn4032-HHN
last-modified: Fri, 18 Jan 2019 21:00:32 GMT
date: Wed, 31 Aug 2022 13:14:20 GMT
vary: Accept-Encoding
x-tw-cdn: FT
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Thu, 18 May 2023 05:30:10 GMT

GET
H2 200 D2wzfrBX4AEGE9H.jpg
pbs.twimg.com/tweet_video_thumb/ Frame 85D0 8 KB
8 KB 118ms
19ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/D2wzfrBX4AEGE9H.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/669E) /

Resource Hash

0978cc2c3431f65d379b1f8fba4c27a88d006a1e59d1486965e5ffc57b529b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:20 GMT
x-content-type-options: nosniff
age: 23268
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
content-length: 7825
x-response-time: 106
surrogate-key: tweet_video_thumb tweet_video_thumb/bucket/1 tweet_video_thumb/1111319827271114753
last-modified: Thu, 28 Mar 2019 17:29:08 GMT
server: ECS (frb/669E)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: a319f2b1d16e3fdd9d7722ed5baed3f6a836c731ae00edbc2218d7ce7fb52dac
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 D1ErO9GW0AQ_Cn_.jpg
pbs.twimg.com/tweet_video_thumb/ Frame 85D0 11 KB
11 KB 119ms
20ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/D1ErO9GW0AQ_Cn_.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67E2) /

Resource Hash

4b71222bdc0dd351b946e936f3f5aed39569314c4646ef9bdf800d89f9141839

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:20 GMT
x-content-type-options: nosniff
age: 82667
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
content-length: 11105
x-response-time: 107
surrogate-key: tweet_video_thumb tweet_video_thumb/bucket/9 tweet_video_thumb/1103710919601868804
last-modified: Thu, 07 Mar 2019 17:34:03 GMT
server: ECS (frb/67E2)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: bb662ffeab4ca4c5fc4c295c6120bad248d8679767fe9231973c78a4454227d1
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 jot
syndication.twitter.com/i/ Frame 85D0 43 B
126 B 135ms
134ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1661951660397%2C%22event_namespace%22%3A%7B%22action%22%3A%22results%22%2C%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline-profile%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2231f0cdc1eaa0f%3A1660602114609%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%2231005a7%3A1660755999885%22%2C%22widget_data_source%22%3A%22screen-name%3AThreatMiner%22%7D&dnt=1&session_id=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&frame=false&lang=en&maxHeight=500&origin=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&sessionId=c940bcf3d2e43cd9574b4a07d331b27eaddcac1c&showHeader=true&showReplies=false&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-response-time: 113
date: Wed, 31 Aug 2022 13:14:20 GMT
last-modified: Wed, 31 Aug 2022 13:14:20 GMT
server: tsa_o
vary: Origin
content-type: image/gif
cache-control: must-revalidate, max-age=600
x-connection-hash: 83c9d45ee42e48c9109d1f3e68e861fe4718c3ddefc5a8c534f14203896d918e
strict-transport-security: max-age=631138519
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C1BE 42 B
64 B 102ms
60ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst5BSQFS9VveG2D0MHxrxk7PtMScPk29agpsEUOpK0BWWjIvBM8FcBRqEFdpxlTqZf9AIxJzQe5eyWYvGMeva6OpEeDLWr--6zhnrdF_1MO0TsmNnmpYNEZnJq8Y-zOZlNBfYdikQ5ntiHxzJhh8V-Gub5814FswnDgONruMz59Y01gUrso68ufFAyh9GPh103Vph5KeXv4hwiN-rRTtJ-aFknVGLxzSTgMxvNIP3FgVCimMiTE8ov09LhCdRHuNmqSOqsgqDFyqh5-47imxFG2_7jR-tXHMRIDzkPLjoHaD0RqYi1QvmJGBhz4xsscn6uRQIfAZ41zBCW6SShPXtMZq07X95zQCwonkSTMN7V_TFAmO43azYZa27Wshut4kggVejh0dA4msOpx3v-KzIqk2-mkhmzTM-UqCtb4qg-io6wbY0wUKraMphprsqiIbBpChpbVBs-vUx1uFFB9fLJhlcOXFOHvEoAaVEuETLKFBXGYxt6cY5rJz-rGM6ycO9OkNJRR5i-ozVxVN0KUWeY3KN912_R1rAQvp2nAXvpGkXCuVKP3xCSUAux7JWb1DHN-7MPxcoQTkmDI1KpCuwsRm_umKh4mX5wbdCAWyvI6aYZnT9UiQe2N8pJF2A3T76Ik0mqTBK7VRqlVeigIvBHHBZhNvI-X0tcH7r-v02ytMJHnunabNP3Ga7maPqhG50v3rdaT5k-tuCZ7-I_gm_2FHUvtKin3V70V_teBTxKUjShlma9uYINcdTR0c7qH21qjmKUzhCPVDciR9kYyIep48-fhY7PY9epAY4cwvBhsF8bKXZ7JB_UPDdDbzUM89XKWYTyJFOfXmMfj7HokkOW3VACaHu7OGCCRwZByURj4ExQmuyMWBSwMXvhtd3Mk4VmjWknjyW2YrUm0MmAbJjDgYuzfgK8OPnL3ZQMSPHf7qPxpDsUybR4GZDN67yNrKwkdeknYM_arPeEhux9TrV1UGiRjrw&sai=AMfl-YTjT4MisgHS81egiKzHdllgMtrDBKICE_qZq2KHhVzBGxi_FcOQsmOnbJ1sP2PU-R4CmjylgwsHhzq2ULolUPCDgPFqx5Z2YA&sig=Cg0ArKJSzF0dVawSSSEgEAE&id=lidar2&mcvt=1253&p=0,0,250,299&mtos=1253,1253,1253,1253,1253&tos=1253,0,0,0,0&v=20220829&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1382012186&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1661951657866&rpt=1322&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 156A 0
17 B 88ms
42ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~l7hn3v95&c=7117984497273&slotId=3558992248636.5&qqid=CPWk1rGU8fkCFW3n4wcdmsMPzw&fb=outstream-lima&gpm_i=7&gpm_c=7&gpm_a=7&smb=1000&br=963&mt=video%2Fmp4&vs=640x360&ulv=1&cll=0&vast_v=2.0&vmfc=9&vhc=0&msm=1&aits=0%2C18%2C692%2C59%2C342%2C343%2C344%2C345%2C346&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=web_video_ads&ape=1&ple=0&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220822_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:20 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3E97 42 B
64 B 95ms
57ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsufvNFrHrl3tSUxAtps3WgjQ3heQzsGYche7w9B9sjrCWQAxMYcR3MP8NpvChIFGQi0-t3iDKX6sY3_TGfBKCBDgKJ12GJh9nOU7Eu9TuzD3bt6OoDdHnrI_ECwtJolAJYJIEs9gfGPWxkQfHM2qE_MHHyUPizLl2nEsjrNpeagXvMeaqY9LTA5667buVJh_EqntBK-mbNhcC-eWuRVRqscCWm94j003sfzt3WFiJ84UsFmaCde8eY60xAlUEU3DmAHUfLhkTO2P6aEV8pgyKyAsqJlIQ4xQNkO_7Ba832EdzHnW5yW312G8nJ2D1Yr1ApEcpFTiF9ERYEXT3o2UeEfAFd1vZQ-6JN5IOlGsb8SQOUG3eCtFkTCi4nJDksr4jdaSbBNz_X1nQShY9BTx6zR6T3EB1kZMpTrgiuy7xgXqkDf7hmnFkP7Ikti4eov3HuCQWSftRH0A5pqqR-1A1CAFefa_WeGCEIXepas_BXiyjMDihX6m3Ks8CW7InipXq8O0LvBl1y5K6c9_mhVIJdobLwdtJlAkW3DJgN5RNHkf5lCtvKMwr-krZBUE9J9S81b2obEBpo5lNrNhZBht1rJt5SWfWocRjtW-5RedkyBaUTvZWVTC4hpiqNAhqZIaoESnhlWkydVOYeK9pAiy3-VrM_du-SCrkqiLoDgs_jnjMXj2xO_Dlwu3YtjAbov0uDETI6fIWi52gtWTOh26M1gK-AMr3iWIOYc7pm5n1kYu7-3uO7y0JL3bU9BnRUEEwqbbUtsyuFZ9wirJESmuMvoazaLqsLYJ1DWcKI_mSQVRsBtTAAiVyFcZbW_zygf4zM4qSGuMisw0ZI8q3woloKztWTWPEhISi_LAZ7aSEmvwN5bi57XFS7tuIanyvlkgVuOl8ottJt1tTKoLNZXkTNG3MDjrcAxIxzSblQWhlKFtPMzA8Vs_AX7nTSPMkR373jXsdvhfido39a1r5ywN21EI-rzFCwNKP84zkHB&sai=AMfl-YQJw7gsPE8phvcOOcTEnmiDF5D0S1Z3jkxtnmbXr4BIV3VClNDB9rT2QgoLRYLeeWH2y3lxgpVrklL_daxHvbZcBvzDyOxMDw&sig=Cg0ArKJSzGpmocgwAPdkEAE&id=lidar2&mcvt=1084&p=0,0,600,299&mtos=0,1084,1084,1084,1084&tos=0,1084,0,0,0&v=20220829&bin=7&avms=nio&bs=0,0&mc=0.81&if=1&vu=1&app=0&itpl=22&adk=2989800909&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1661951657885&rpt=1460&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame E7FD 4 KB
636 B 29ms
29ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 11:59:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 31 Aug 2022 13:14:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Aug 2022 13:14:20 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E7FD 205 B
229 B 23ms
22ms Image
image/png 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 11:30:50 GMT
x-content-type-options: nosniff
age: 6210
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 31 Aug 2023 11:30:50 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E7FD 604 B
628 B 24ms
23ms Image
image/png 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 11:44:12 GMT
x-content-type-options: nosniff
age: 5408
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 31 Aug 2023 11:44:12 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/elements/html/ Frame E7FD 19 KB
8 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b3d58bcf272258d6dde92e0123d8bd16f3caf1c4a025147c5964fe778e064e6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8311
x-xss-protection: 0
server: cafe
etag: 13410161823615325117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:10:29 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 1BF2 4 KB
621 B 30ms
30ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 12:01:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 31 Aug 2022 13:14:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Aug 2022 13:14:20 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 1BF2 2 KB
916 B 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 395
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:07:45 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/ Frame 1BF2 23 KB
9 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 378
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9615
x-xss-protection: 0
server: cafe
etag: 5965352936607719246
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:08:02 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 1BF2 3 KB
1 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 276
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:09:44 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 1BF2 17 KB
7 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:04:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:04:57 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1BF2 141 KB
44 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44757
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661773661488070"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Aug 2022 13:14:20 GMT

GET
H3 200 e3ca5db921b3b46420ba257a4c2f6b26.js Show response
www.gstatic.com/mysidia/ Frame 1BF2 33 KB
13 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3ca5db921b3b46420ba257a4c2f6b26.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 22:40:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 570852
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13683
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 19:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 22:40:08 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A1C8 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss6BNcMi31L_ja7mkCB4ZKxWP-DbhLd382z-4mph_27QAKLshmC9SZaj9cWqt1tkKbDhgQupWy6jQ3Ho66ujEjbx0Tm_j2luwWSU2PbRTwoQD6agreWKAs7uZSKKG-yd3dqiRBrC2ThMeTRZScv5Pz_Bq_88vHJMLDNac0bkIAx2zCHimycF_EhsyYu-cdr1ieYWlSHe-P-25365HoP2LJvdP8XOg-bWP0Wk7QHApqwV3fL4E88WhK6bCZXRQkN8SJOn-jLDXeslNor6NPBRh7o3CkVB6bPaO_YxeKtfLpx7Po8Jt_Nqbn06dv5FmmMFB1_dH2x3URsBjgl9gG4bnr4O2pT5CZsZWoHNoo6_aExNOutwBAKHXxw12mluuLXR01QBqvY1Gm_KJ3HH023_kku8_YzGXEdyFA7NaqYNfQYl7cocyu9tNoEnTzLJLOSEG4MWurnL9YZIuyC2Xken-fGiMZi1fYnKpSSeY4Ie86TQxZJzopjYKoipygFC7qGPqk5KuGNYzZeBFXPRxhdo-wOsHKHiYYeDsieN3ytfFqLFximQvB0JDaSMCtNL3GTBivxIluhWVrYdqxDA2W4o0J7m6FTmR0B0bmpTEYuTPSCgRFC3MuRFM3M8mbBYqqQIYLXdGKGkWSi5S4ZG0dAeSPHnad4yopXvtKzQCBHgFR0tv8jgNdCR3A5vT0RCUuTJJz33fJkcP-MlFRusD4Nw5Gezo1Rg-HycuQCwqQv5zF5205nyNcnXos5qBi1-RZjVlDw8tD6IVO-MWr3AZPQ4DFLGOiKIj25LlUG6jLcu7bpaivNNRU2xTzHlWOicjh3h092svJHmoklYn1oZIf9H0okVGb7ylXIVEyJo9tgasJpLUDJX8NgrAXJXKx8DwlCTIgxarvaMuqSWfU0mGuhTjdGcyXoPNBdF-qCnYpKew_ldBDINtK7Bmvmg1E5L1Z-etE7-0HEeud8ano0F0AenNtLRmXmRm2D0-JrIQ&sai=AMfl-YSa_A25xmowSkkxQdQgNqTv2UaAXSF-NmOGTSSMnyuybvK5ctGZZT0CxxTECaamyxAKFfX1xTiPIrtnptdz0Ukm27JYgzR5fw&sig=Cg0ArKJSzFMl09LrBYLHEAE&id=lidar2&mcvt=1017&p=0,0,200,1182&mtos=1017,1017,1017,1017,1017&tos=1017,0,0,0,0&v=20220829&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2644663765&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1661951657893&rpt=1656&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame DA65 8 KB
893 B 31ms
31ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 12:05:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 31 Aug 2022 13:14:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Aug 2022 13:14:20 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame DA65 2 KB
916 B 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 395
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:07:45 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/ Frame DA65 23 KB
9 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 378
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9615
x-xss-protection: 0
server: cafe
etag: 5965352936607719246
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:08:02 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame DA65 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 276
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:09:44 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame DA65 17 KB
7 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:04:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:04:57 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DA65 141 KB
44 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44757
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661773661488070"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Aug 2022 13:14:20 GMT

GET
H3 200 e3ca5db921b3b46420ba257a4c2f6b26.js Show response
www.gstatic.com/mysidia/ Frame DA65 33 KB
13 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3ca5db921b3b46420ba257a4c2f6b26.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 22:40:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 570852
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13683
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 19:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 22:40:08 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 088E 143 B
163 B 21ms
21ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 176
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 13:11:24 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cta-component.20220831-3-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame ABF8 19 KB
5 KB 21ms
21ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/cta-component.20220831-3-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9248ba4a0edb62b60903814872f619e730319446b950439d7e288093eda5caa8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-amz-version-id: mE7LlYQi5jcQysTIaXKTEhfw2XLnWSS0
content-encoding: gzip
etag: "b2c95aecf0e13710e6593bc5ce4a2d08"
age: 14451
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5108
x-amz-id-2: DSmUVrndMQgzaGLYs58NDZYlhS/LLy6jx4XliTFA1agdwbkJYwjHofqdlj4JSkcIjxQGgq047fw=
x-served-by: cache-hhn4024-HHN
last-modified: Wed, 31 Aug 2022 09:12:40 GMT
server: AmazonS3
x-timer: S1661951661.705082,VS0,VE0
date: Wed, 31 Aug 2022 13:14:20 GMT
vary: Accept-Encoding
x-amz-request-id: T3BTDHZFF21HBS10
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 53
x-cache-hits: 6944

GET
H2 200 UnitWidgetItemDesktop.min.js Show response
vidstat.taboola.com/lite-unit/3.9.2/ Frame ABF8 103 KB
30 KB 22ms
21ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/lite-unit/3.9.2/UnitWidgetItemDesktop.min.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220831-3-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4052bdc457a2ebf44a0671f11a91ef88f3b70ddfc706b5ae289365877dfd7d75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:20 GMT
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront), 1.1 varnish
age: 187654
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 29862
x-served-by: cache-hhn4024-HHN
last-modified: Mon, 29 Aug 2022 09:04:08 GMT
server: AmazonS3
x-timer: S1661951661.709424,VS0,VE0
etag: "9b41d4f2702a079eae60f297e3e0c705"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: O8NQfdMl2FnivvnxxxzVhaPmwyYhVB-Ye0Jj8rA2FpGggSpZ6b4ghA==
x-cache-hits: 7897

GET
H2 200 userx.20220831-3-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame ABF8 17 KB
6 KB 21ms
21ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20220831-3-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bc16081f9a735eee6268951116cf1fa8577e4a7ae41fbe87785813ff13b78e7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-amz-version-id: 2JyzuPU5YQ3ksB4UGDbY_531pPwqo6Og
content-encoding: gzip
etag: "1c311473ae4d9e51666b0add3098023d"
age: 14113
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5398
x-amz-id-2: UVraFPL0EVKhg2zKA6eYXKfenpxP9/PcDg1pEBuPu+FN/vXxIy9F8scsm4T0CFwBvRTje3oIx24=
x-served-by: cache-hhn4024-HHN
last-modified: Wed, 31 Aug 2022 09:16:06 GMT
server: AmazonS3
x-timer: S1661951661.709336,VS0,VE0
date: Wed, 31 Aug 2022 13:14:20 GMT
vary: Accept-Encoding
x-amz-request-id: 0ZDTDDGEY6CD643A
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 53
x-cache-hits: 5477

GET
H3 200 kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 94ED 36 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

920383b782d3df0447a5f65ff9c095ead1caf82129674a6124a8978dc7bd316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 12:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4075
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15816
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 12:06:25 GMT

GET
H2 200 5787a8c6f2ac22f4cf786b9a01a45bfe.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_350%2Cw_420%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame ABF8 15 KB
16 KB 26ms
24ms Image
image/webp 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_350%2Cw_420%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5787a8c6f2ac22f4cf786b9a01a45bfe.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f29dd40df9ac4828ea82db6468144627316bc9a84d472d6a22b5e19a09844aba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 31 Aug 2022 13:14:20 GMT
via: 1.1 varnish, 1.1 varnish
age: 1215997
edge-cache-tag: 558162314493728202709430617110659392522,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
cache-tag: 558162314493728202709430617110659392522,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 129
expiration: expiry-date="Fri, 09 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_350%2Cw_420%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5787a8c6f2ac22f4cf786b9a01a45bfe.jpg
content-length: 15724
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
last-modified: Tue, 09 Aug 2022 12:24:30 GMT
server: nginx
x-timer: S1661951661.751524,VS0,VE1
etag: "8530520143a7d92132e252016047dec3"
x-served-by: cache-iad-kcgs7200164-IAD, cache-iad-kcgs7200146-IAD, cache-lga21968-LGA, cache-iad-kiad7000133-IAD, cache-hhn4024-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 1, 1

GET
H2 200 2e396e287f9afadce536e0b9b5f5d906.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_350%2Cw_420%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame ABF8 9 KB
10 KB 23ms
22ms Image
image/webp 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_350%2Cw_420%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2e396e287f9afadce536e0b9b5f5d906.png
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3b6a72cdedb82436a5cd5c8c0bf4adc0d205a8ea9871b66bc8b9091c9b6d9ac5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 31 Aug 2022 13:14:20 GMT
via: 1.1 varnish, 1.1 varnish
age: 6599011
edge-cache-tag: 602273645581070279816528367847824682028,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
cache-tag: 602273645581070279816528367847824682028,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 133
expiration: expiry-date="Thu, 14 Jul 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_350%2Cw_420%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2e396e287f9afadce536e0b9b5f5d906.png
content-length: 9290
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
last-modified: Mon, 13 Jun 2022 16:13:14 GMT
server: nginx
x-timer: S1661951661.751315,VS0,VE1
etag: "eb51f4d3f5fa9962e991b968e939c9d7"
x-served-by: cache-iad-kcgs7200088-IAD, cache-iad-kiad7000172-IAD, cache-bur-kbur8200155-BUR, cache-iad-kcgs7200044-IAD, cache-hhn4024-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1, 1, 1

GET
H2 200 b58b4f7c1e941441925f8d03f208a478.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame ABF8 6 KB
7 KB 21ms
21ms Image
image/webp 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b58b4f7c1e941441925f8d03f208a478.png
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5c716008e2578c6ba824b0ae8c1dd76907f2ef6a5008f15566bc5aa14c7ef647

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 31 Aug 2022 13:14:20 GMT
via: 1.1 varnish, 1.1 varnish
age: 2523368
edge-cache-tag: 558301326595206426335788883242168886885,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag: 558301326595206426335788883242168886885,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 160
expiration: expiry-date="Tue, 23 Aug 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, MISS, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b58b4f7c1e941441925f8d03f208a478.png
content-length: 6294
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified: Sat, 23 Jul 2022 11:57:18 GMT
server: nginx
x-timer: S1661951661.751523,VS0,VE0
etag: "dfb9043d221bf4b69994636659bb621b"
x-served-by: cache-iad-kcgs7200058-IAD, cache-iad-kjyo7100046-IAD, cache-bur-kbur8200143-BUR, cache-iad-kcgs7200158-IAD, cache-hhn4024-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 1, 2

GET
H2 200 631c1ff0d23cf6a81288dcd6665f7e21.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame ABF8 9 KB
9 KB 22ms
22ms Image
image/webp 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/631c1ff0d23cf6a81288dcd6665f7e21.jpeg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ac45f9eb04caa3c790d68df06347748c2ce22a15e8d54d6700dd993c33cfc482

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 31 Aug 2022 13:14:20 GMT
via: 1.1 varnish, 1.1 varnish
age: 2427723
edge-cache-tag: 302842989073288693754828640052786808965,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag: 302842989073288693754828640052786808965,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 163
x-cache: HIT, HIT, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/631c1ff0d23cf6a81288dcd6665f7e21.jpeg
content-length: 8728
x-request-id: e16be5ec29248a9d49fd20fb34e6ca11
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified: Wed, 13 Jul 2022 08:34:34 GMT
server: nginx
x-timer: S1661951661.756035,VS0,VE1
etag: "41f2f4663da9cea720094ea84cf7f4df"
x-served-by: cache-iad-kjyo7100092-IAD, cache-iad-kiad7000090-IAD, cache-bur-kbur8200176-BUR, cache-iad-kcgs7200039-IAD, cache-hhn4024-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0, 1, 1

GET
H2 200 74c9c674bca49bd2008f8d1b38220b51.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame ABF8 5 KB
5 KB 22ms
22ms Image
image/webp 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/74c9c674bca49bd2008f8d1b38220b51.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: b72a6d12c7ebacdf3e83c330d60a1f44a51b11761cf13c2c88bcd1eba65778a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 31 Aug 2022 13:14:20 GMT
via: 1.1 varnish, 1.1 varnish
age: 1221733
edge-cache-tag: 371961608281409670295735852296645138854,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag: 371961608281409670295735852296645138854,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 444
x-cache: MISS, MISS, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/74c9c674bca49bd2008f8d1b38220b51.jpg
content-length: 4842
x-request-id: 6cd50a6dd5cc72de87aea63422b8ea80
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Sun, 14 Aug 2022 12:32:30 GMT
server: nginx
x-timer: S1661951661.756015,VS0,VE1
etag: "e7551f760c1b2a93a0f80f8f1aca9110"
x-served-by: cache-iad-kiad7000117-IAD, cache-iad-kjyo7100115-IAD, cache-lga21943-LGA, cache-iad-kiad7000075-IAD, cache-hhn4024-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 1, 1

GET
H2 200 96540d7e280d1752eb29a63462da233a.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame ABF8 9 KB
10 KB 21ms
21ms Image
image/webp 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/96540d7e280d1752eb29a63462da233a.png
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2633d6af8749d9a1e8ba7780a9bd6a7e6d42efa3b0969a1f2499f1049bde7632

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 31 Aug 2022 13:14:20 GMT
via: 1.1 varnish, 1.1 varnish
age: 2272797
edge-cache-tag: 521983737166130977277568576119609228919,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag: 521983737166130977277568576119609228919,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 56
x-cache: MISS, MISS, HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/96540d7e280d1752eb29a63462da233a.png
content-length: 9584
x-request-id: 2019c1d9c4d3ea4e8e1969cce69f12b7
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified: Tue, 02 Aug 2022 10:32:33 GMT
server: nginx
x-timer: S1661951661.762765,VS0,VE0
etag: "58e30ddcfe3d86eaa15cc06466cebcbc"
x-served-by: cache-iad-kiad7000121-IAD, cache-iad-kiad7000040-IAD, cache-lga21972-LGA, cache-iad-kiad7000034-IAD, cache-hhn4024-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 1, 2

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 66ms
65ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220829&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2dc80a877e0f26b3c0987b75ef0a5c7b8587e7b6cefdfe5bc4970869d1b91e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Aug 2022 13:14:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11061
x-xss-protection: 0

GET
H2 200 container-1.0.html Show response
resources.infolinks.com/static/ Frame 1FD5 430 B
457 B 30ms
30ms Document
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/static/container-1.0.html
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1817.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42307b6e2231b2de1535854ab77c8fd201f88822e3f87ca3c4e8d3624ce65678

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 12779
cache-control: max-age=2592000
cf-cache-status: HIT
cf-ray: 743607588cc9bb83-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 13:14:20 GMT
expires: Fri, 30 Sep 2022 09:41:21 GMT
last-modified: Wed, 17 Nov 2021 13:25:02 GMT
server: cloudflare
vary: Accept-Encoding
via: 1.1 google

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_350%2Cw_420%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5787a8c6f2ac22f4cf786b9a01a45bfe.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f29dd40df9ac4828ea82db6468144627316bc9a84d472d6a22b5e19a09844aba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 31 Aug 2022 13:14:20 GMT
via: 1.1 varnish, 1.1 varnish
age: 1215997
edge-cache-tag: 558162314493728202709430617110659392522,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
cache-tag: 558162314493728202709430617110659392522,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 129
expiration: expiry-date="Fri, 09 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_350%2Cw_420%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5787a8c6f2ac22f4cf786b9a01a45bfe.jpg
content-length: 15724
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
last-modified: Tue, 09 Aug 2022 12:24:30 GMT
server: nginx
x-timer: S1661951661.884960,VS0,VE0
etag: "8530520143a7d92132e252016047dec3"
x-served-by: cache-iad-kcgs7200164-IAD, cache-iad-kcgs7200146-IAD, cache-lga21968-LGA, cache-iad-kiad7000133-IAD, cache-hhn4024-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_350%2Cw_420%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2e396e287f9afadce536e0b9b5f5d906.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3b6a72cdedb82436a5cd5c8c0bf4adc0d205a8ea9871b66bc8b9091c9b6d9ac5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 31 Aug 2022 13:14:20 GMT
via: 1.1 varnish, 1.1 varnish
age: 6599011
edge-cache-tag: 602273645581070279816528367847824682028,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
cache-tag: 602273645581070279816528367847824682028,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 133
expiration: expiry-date="Thu, 14 Jul 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_350%2Cw_420%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2e396e287f9afadce536e0b9b5f5d906.png
content-length: 9290
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
last-modified: Mon, 13 Jun 2022 16:13:14 GMT
server: nginx
x-timer: S1661951661.885666,VS0,VE0
etag: "eb51f4d3f5fa9962e991b968e939c9d7"
x-served-by: cache-iad-kcgs7200088-IAD, cache-iad-kiad7000172-IAD, cache-bur-kbur8200155-BUR, cache-iad-kcgs7200044-IAD, cache-hhn4024-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b58b4f7c1e941441925f8d03f208a478.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5c716008e2578c6ba824b0ae8c1dd76907f2ef6a5008f15566bc5aa14c7ef647

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 31 Aug 2022 13:14:20 GMT
via: 1.1 varnish, 1.1 varnish
age: 2523368
edge-cache-tag: 558301326595206426335788883242168886885,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag: 558301326595206426335788883242168886885,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 160
expiration: expiry-date="Tue, 23 Aug 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, MISS, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b58b4f7c1e941441925f8d03f208a478.png
content-length: 6294
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified: Sat, 23 Jul 2022 11:57:18 GMT
server: nginx
x-timer: S1661951661.886227,VS0,VE0
etag: "dfb9043d221bf4b69994636659bb621b"
x-served-by: cache-iad-kcgs7200058-IAD, cache-iad-kjyo7100046-IAD, cache-bur-kbur8200143-BUR, cache-iad-kcgs7200158-IAD, cache-hhn4024-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 1, 3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/631c1ff0d23cf6a81288dcd6665f7e21.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ac45f9eb04caa3c790d68df06347748c2ce22a15e8d54d6700dd993c33cfc482

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 31 Aug 2022 13:14:20 GMT
via: 1.1 varnish, 1.1 varnish
age: 2427723
edge-cache-tag: 302842989073288693754828640052786808965,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag: 302842989073288693754828640052786808965,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 163
x-cache: HIT, HIT, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/631c1ff0d23cf6a81288dcd6665f7e21.jpeg
content-length: 8728
x-request-id: e16be5ec29248a9d49fd20fb34e6ca11
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified: Wed, 13 Jul 2022 08:34:34 GMT
server: nginx
x-timer: S1661951661.886205,VS0,VE0
etag: "41f2f4663da9cea720094ea84cf7f4df"
x-served-by: cache-iad-kjyo7100092-IAD, cache-iad-kiad7000090-IAD, cache-bur-kbur8200176-BUR, cache-iad-kcgs7200039-IAD, cache-hhn4024-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0, 1, 2

GET
H2 200 74c9c674bca49bd2008f8d1b38220b51.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame ABF8 5 KB
6 KB 24ms
24ms Image
image/webp 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/74c9c674bca49bd2008f8d1b38220b51.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: b72a6d12c7ebacdf3e83c330d60a1f44a51b11761cf13c2c88bcd1eba65778a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 31 Aug 2022 13:14:20 GMT
via: 1.1 varnish, 1.1 varnish
age: 1221733
edge-cache-tag: 371961608281409670295735852296645138854,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag: 371961608281409670295735852296645138854,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 444
x-cache: MISS, MISS, MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/74c9c674bca49bd2008f8d1b38220b51.jpg
content-length: 4842
x-request-id: 6cd50a6dd5cc72de87aea63422b8ea80
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Sun, 14 Aug 2022 12:32:30 GMT
server: nginx
x-timer: S1661951661.886183,VS0,VE0
etag: "e7551f760c1b2a93a0f80f8f1aca9110"
x-served-by: cache-iad-kiad7000117-IAD, cache-iad-kjyo7100115-IAD, cache-lga21943-LGA, cache-iad-kiad7000075-IAD, cache-hhn4024-HHN
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 1, 2

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 088E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

39ms
38ms

Document
text/html

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:20 GMT
expires: Wed, 31 Aug 2022 13:14:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:20 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 638C 36 KB
15 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

920383b782d3df0447a5f65ff9c095ead1caf82129674a6124a8978dc7bd316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 12:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4075
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15816
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 12:06:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 120C 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=Bmjr4q14PY4bACcSb1waj8ZmQCQAAAAA4AeAEAg&bg=!Q0ClQATNAAaXrHhMt6w7ACkAdvg8WvMzuzh0MukX5kjT6E7ga5bxXXuCbqyXO3D3nJo4nrIY0bsRlQIAAAFnUgAAAAJoAQeZAtMh4XG7bpv9At1YScRk4f5vnAP_UNtQR94qVLQ3lG24Ed75mQ96YmHyUkUuvQxvXBYRSQX_-mEboShNVD6mzUZoT5uqDKlD2bWGBrUfslSQH1K3fTT33E63kljjk64nmpnHEWX-aYuRShRBwkMMXubY48Js6AZICgF3d-gOZ2NFwij1TWJnH5B1Po1fFYH_Hdc8SOgH4lsuAmXZKCwlL2W7b3Q5fI75cUEo78uoo0RVlF22DSFtZUfmEc6j9QRxAt5NowgbhO5VqsKgUlj9thwd2uoLsbJnHu66TkjYd4kPck8DBTpDaVH1txteBkS4msfewKrRzlVaSLufmG4KXlE0hlT3uWBNti2qF70Eaa4AgWXy5NoOhq8ZT_e7XTDihmr6rz9P3qM3apV-iLHpv0fqJBnTLnYhZ3ZH81pNHIMpmN033xqqozCBZnM299fXnhoHWHDPtoCe3GN1iWQdbKhFDNr0-wbfMbg6E3MDxzPRuZ2wSQZJ8n41dnCIKqS5EagGtlos7RQoVFPFLWWxrVNFkkb4IkNePuMk5F0Q8zlv1of3X39Ng8HMYde1ooApaiPO5rsBtl_r2chYeMy1x3oj-TeOmvGT3HHd0NgquIPT6Xvf20NF-g2Fr3GY6c-SX3kvJuMIkvM40vPVVvDEycnr9fIPUf4WYLD8GDFjoGgTPk1df_0TaFOKPX0mZ8RcyCH2WePXcLRxAHYMg0qSlAXK7ExNSyqdtqmcgmtADM3OTAZHjeyopLamk2XTrPJ4vikvqRWOKx792jNLq5DBIJI80SmVp3NRARpkPWwG4h8zmD_qQRFCHN5jrr9-pnRkgko6AO0XvPzOJEobjyj28_x-ZqIwst1p62D0Zhzk3zENcXOOCnRwq6FV_UXOYHfZG7qTg1jU-3_pmf7pm5obBmoQg4RGP8TR_LkxGw2FJxOWKTtspdIz7TBbReVjLfDwqthpdXQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Aug 2022 13:14:20 GMT

GET
H3

200

check
pixel.tapad.com/idsync/ex/receive/ Frame 1FD5
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_device_id=85767262-e13f-4614-a7e9-fcc88de9a818=&partner_id=3337
https://pixel.tapad.com/idsync/ex/receive/check?partner_device_id=85767262-e13f-4614-a7e9-fcc88de9a818=&partner_id=3337

95 B
113 B

57ms
33ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_device_id=85767262-e13f-4614-a7e9-fcc88de9a818=&partner_id=3337

Requested by

Host: resources.infolinks.com
URL: https://resources.infolinks.com/static/container-1.0.html

Protocol

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://resources.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
via: 1.1 google
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location: https://pixel.tapad.com/idsync/ex/receive/check?partner_device_id=85767262-e13f-4614-a7e9-fcc88de9a818=&partner_id=3337
date: Wed, 31 Aug 2022 13:14:21 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 281F 13 KB
5 KB 22ms
20ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 377
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:08:04 GMT
expires: Thu, 31 Aug 2023 13:08:04 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 91B8 783 B
536 B 31ms
30ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1fb28428f938a351d9d40e3ecf160f1e073e2ec72268229f47b4a495d8a97f45

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7P5T9NiN4cAcOO-pjGAJ_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-7P5T9NiN4cAcOO-pjGAJ_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:14:21 GMT
expires: Wed, 31 Aug 2022 13:14:21 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js Show response
pagead2.googlesyndication.com/bg/ Frame 281F 36 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kgODt4LT3wRHpfZf-cCV6tHK-CEpZ0phJKiXjce9MW0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

920383b782d3df0447a5f65ff9c095ead1caf82129674a6124a8978dc7bd316d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 12:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4076
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15816
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 12:06:25 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 91B8 0
0 56ms
56ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220829&jk=2067061859819734&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

GET
H2 200 st Show response
imprammp.taboola.com/ Frame CAAE 742 B
542 B 31ms
30ms Document
text/html 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&cmcv=&pix=undefined&cb=1661951661149&uv=3221&tms=1661951661149&abt=adh5c-1_vA!adh5c_vA!inc_all_video_vA!Noappq22_vC!t45!ufm&ru=https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&ft=1&unm=WIDGET_ITEM&aure=false&agl=1&cirid=e0b0a275-c395-4536-9c17-7804be777fd4&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.9.2/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 878a2c6c7257a40f4bd4a98b8e865f1307fadd09a359b067f19049d6f096a4c3

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-type: text/html;charset=ISO-8859-1
date: Wed, 31 Aug 2022 13:14:21 GMT
server: nginx
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-hhn4024-HHN
x-timer: S1661951661.163644,VS0,VE10

GET
H2 200 sync Show response
am-match.taboola.com/ Frame 141E 742 B
828 B 427ms
29ms Document
text/html 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&excid=22&docw=0&cijs=1&nlb=false
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.9.2/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 878a2c6c7257a40f4bd4a98b8e865f1307fadd09a359b067f19049d6f096a4c3

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html;charset=ISO-8859-1
date: Wed, 31 Aug 2022 13:14:21 GMT
machineid: 3402
server: nginx

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ Frame ABF8 1 KB
739 B 92ms
91ms XHR
application/json 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1661951661154&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1477&pt=-308820455&tz=0&viewable=true&ddast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=7&ft=1&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=1322535&dpubid=238805&abtst=adh5c-1_vA!adh5c_vA!inc_all_video_vA!Noappq22_vC!t45!ufm&mPre=0.033&cirf=https%3A%2F%2Fwww.threatminer.org&en=1
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.9.2/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 70f53498a31b5816d21cde992682b32b44dced1eb07cbc4718a8e672fa9b4f02

Request headers

Referer: https://www.threatminer.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-type: text/plain

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
content-encoding: gzip
access-control-allow-origin: https://www.threatminer.org
machineid: 1448
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-hhn4024-HHN
pragma: no-cache
server: nginx
x-timer: S1661951661.167553,VS0,VE70
vary: Accept-Encoding
content-type: application/json;charset=utf-8
via: 1.1 varnish
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 st
am-vid-events.taboola.com/ Frame ABF8 0
43 B 692ms
27ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&cmcv=&pix=31589837&cb=1661951661149&uv=3221&tms=1661951661149&abt=adh5c-1_vA!adh5c_vA!inc_all_video_vA!Noappq22_vC!t45!ufm&ru=https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&ft=1&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1661951657785.2!ts:1661951661149&mntl=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
content-length: 0
server: nginx

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 281F 0
12 B 20ms
19ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?A8Eaxw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame CAAE 43 B
183 B 412ms
107ms Image
image/gif 2600:1f18:612b:4216:bf1f:4380:1bf2:c0ae
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&cmcv=&pix=undefined&cb=1661951661149&uv=3221&tms=1661951661149&abt=adh5c-1_vA!adh5c_vA!inc_all_video_vA!Noappq22_vC!t45!ufm&ru=https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&ft=1&unm=WIDGET_ITEM&aure=false&agl=1&cirid=e0b0a275-c395-4536-9c17-7804be777fd4&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:bf1f:4380:1bf2:c0ae Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame CAAE 70 B
265 B 136ms
45ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&cmcv=&pix=undefined&cb=1661951661149&uv=3221&tms=1661951661149&abt=adh5c-1_vA!adh5c_vA!inc_all_video_vA!Noappq22_vC!t45!ufm&ru=https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&ft=1&unm=WIDGET_ITEM&aure=false&agl=1&cirid=e0b0a275-c395-4536-9c17-7804be777fd4&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:21 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

rtb-h Show response
sync-t1.taboola.com/sg/spotx-rtb-network/1/ Frame CAAE
Redirect Chain

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d38e05e2-292e-11ed-8650-1348667f0106&orig=video&us_privacy=1---gdpr=1&

0
99 B

191ms
26ms

Script
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d38e05e2-292e-11ed-8650-1348667f0106&orig=video&us_privacy=1---gdpr=1&
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&cmcv=&pix=undefined&cb=1661951661149&uv=3221&tms=1661951661149&abt=adh5c-1_vA!adh5c_vA!inc_all_video_vA!Noappq22_vC!t45!ufm&ru=https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&ft=1&unm=WIDGET_ITEM&aure=false&agl=1&cirid=e0b0a275-c395-4536-9c17-7804be777fd4&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 25571

Redirect headers

Date: Wed, 31 Aug 2022 13:14:21 GMT
Server: nginx
Location: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d38e05e2-292e-11ed-8650-1348667f0106&orig=video&us_privacy=1---gdpr=1&
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 78
Connection: keep-alive
Content-Length: 0

GET
H2 200 cmTagWIDGET_ITEM.js Show response
vidstat.taboola.com/vpaid/units/32_2_1/infra/ Frame ABF8 725 KB
124 KB 64ms
21ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/32_2_1/infra/cmTagWIDGET_ITEM.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.9.2/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 8e5222350bd22079ba76a819e20ccea6be4235110a4b8cebd33564fdda18cab7

Request headers

Referer: https://www.threatminer.org/
Origin: https://www.threatminer.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
via: 1.1 varnish
age: 187533
x-amz-meta-mtime: 1661763973
x-cache: HIT
x-amz-meta-ctime: 1661763975
x-amz-meta-mode: 33188
content-encoding: br
content-length: 126712
x-amz-id-2: UqIOectxORRsy1fzSz1D2lWFJ5P06vEogkblf2DtjwEnPW22hjM6QkzunByn49W34XTZTGmo/HQ=
x-served-by: cache-hhn4075-HHN
accept-ranges: bytes
last-modified: Mon, 29 Aug 2022 09:06:16 GMT
server: AmazonS3-br
x-timer: S1661951661.304922,VS0,VE0
etag: "5f22089507fa10d5707ce2727a7dc3e8"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: MQC8X2EQAWM8H23W
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: application/javascript
access-control-allow-headers: *
x-cache-hits: 17824

GET
H2 200 cmOsUnit.css
vidstat.taboola.com/vpaid/units/32_2_1/assets/css/ Frame ABF8 63 KB
9 KB 21ms
21ms Stylesheet
text/css 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/32_2_1/assets/css/cmOsUnit.css
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.9.2/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 380c8dd7c2b23d5b7572ed28bb68013004e8b81fd50a43c631475afb9760f5c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
via: 1.1 varnish
age: 187533
x-amz-meta-mtime: 1661764028
x-cache: HIT
x-amz-meta-ctime: 1661764029
x-amz-meta-mode: 33188
content-encoding: br
content-length: 8297
x-amz-id-2: jMjT70Hd+SsaTy3qsA7tG6CA7T6xYnOVfkZWLZgjMMS4f54R80hSCznlxirh0NjoEal6JN5DbSA=
x-served-by: cache-hhn4024-HHN
accept-ranges: bytes
last-modified: Mon, 29 Aug 2022 09:07:10 GMT
server: AmazonS3-br
x-timer: S1661951661.262871,VS0,VE0
etag: "a28320a69408adba1f01f56d6eb80708"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: MQC715RR5YPW5EX4
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: text/css
access-control-allow-headers: *
x-cache-hits: 40987

GET
H2 200 OvaMediaPlayer.js Show response
vidstat.taboola.com/vpaid/vPlayer/player/v14.7.7/ Frame ABF8 426 KB
85 KB 22ms
22ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v14.7.7/OvaMediaPlayer.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/32_2_1/infra/cmTagWIDGET_ITEM.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 376dd78b0a9611070abca5b4dca8c5497cc263a969779273d20c3ee9a1d01711

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
via: 1.1 varnish
age: 22562
x-amz-meta-mtime: 1661929036
x-cache: HIT
x-amz-meta-ctime: 1661929049
x-amz-meta-mode: 33188
content-encoding: br
content-length: 86596
x-amz-id-2: jgDVIYUf/OAyCv2LlA0iw3VeFooUOOVyQnPPa7j4rSEaW/r3Z53Dyi4cu35FQikSnIONRuU5Fyo=
x-served-by: cache-hhn4024-HHN
accept-ranges: bytes
last-modified: Wed, 31 Aug 2022 06:57:30 GMT
server: AmazonS3-br
x-timer: S1661951661.469587,VS0,VE0
etag: "dc6f9c508a655c577be225354b665441"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: WK7NQA0YND95YBGW
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: application/javascript
access-control-allow-headers: *
x-cache-hits: 10906

GET
H2 200 sync Show response
am-match.taboola.com/ Frame E18A 742 B
827 B 84ms
29ms Document
text/html 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&excid=22&docw=0&cijs=1&nlb=false
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/32_2_1/infra/cmTagWIDGET_ITEM.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 878a2c6c7257a40f4bd4a98b8e865f1307fadd09a359b067f19049d6f096a4c3

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html;charset=ISO-8859-1
date: Wed, 31 Aug 2022 13:14:21 GMT
machineid: 3406
server: nginx

GET
H2 200 st
am-vid-events.taboola.com/ Frame ABF8 0
43 B 377ms
27ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&cmcv=&pix=31589837&cb=1661951661437&uv=3221&tms=1661951661437&su=&abt=Noappq22_vC!adh5c-1_vA!adh5c_vA!inc_all_video_vA!t45!t45!ufm_vA&ru=https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&ft=1&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1661951657785.2!ts:1661951661436&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
content-length: 0
server: nginx

GET
H2 206 blackScreen5.mp4
vidstatb.taboola.com/vid/ Frame ABF8 89 KB
89 KB 22ms
21ms Media
video/mp4 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstatb.taboola.com/vid/blackScreen5.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66

Request headers

Referer: https://www.threatminer.org/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront), 1.1 varnish
age: 453753
x-amz-meta-mtime: 1497790207
x-cache: Hit from cloudfront, HIT
Content-Range: bytes 0-90783/90784
x-amz-meta-mode: 33188
Content-Length: 90784
x-served-by: cache-hhn4024-HHN
last-modified: Sun, 02 Jul 2017 20:40:57 GMT
server: AmazonS3
x-timer: S1661951661.495967,VS0,VE0
etag: "b2b087fe4ae638c533731c347fcd4df8"
x-amz-meta-uid: 0
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-meta-gid: 0
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA56-P4
accept-ranges: bytes
content-type: video/mp4
access-control-allow-headers: *
x-amz-cf-id: bvT6FK2rTo_nl7n5dhIG0oxfs4XCgY3wJgHK2ZZqm_ol_dkUdi0-QQ==
x-cache-hits: 69457

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
339 B 113ms
112ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=1op9m2q3rkinke&experiment=network_default&variant=fallthrough&service=dynamic&area=top&product=embed&forum=threatminer&zone=thread&version=0837a7fb2afa86b68e4ee5098ec9905b&page_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&page_referrer=&object_type=advertisement&provider=taboola&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&object_id=%5B184193%5D&section=default&verb=load&advertisement_id=184193&forum_id=5993718

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 13:14:21 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame 141E 43 B
182 B 107ms
107ms Image
image/gif 2600:1f18:612b:4216:bf1f:4380:1bf2:c0ae
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:bf1f:4380:1bf2:c0ae Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 141E 70 B
264 B 52ms
52ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:21 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

rtb-h Show response
sync-t1.taboola.com/sg/spotx-rtb-network/1/ Frame 141E
Redirect Chain

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d38e05e2-292e-11ed-8650-1348667f0106&orig=video&us_privacy=1---gdpr=1&

0
98 B

27ms
26ms

Script
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d38e05e2-292e-11ed-8650-1348667f0106&orig=video&us_privacy=1---gdpr=1&
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 25525

Redirect headers

Date: Wed, 31 Aug 2022 13:14:21 GMT
Server: nginx
Location: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d38e05e2-292e-11ed-8650-1348667f0106&orig=video&us_privacy=1---gdpr=1&
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 95
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame E18A 43 B
182 B 107ms
107ms Image
image/gif 2600:1f18:612b:4216:bf1f:4380:1bf2:c0ae
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:bf1f:4380:1bf2:c0ae Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame E18A 70 B
264 B 46ms
45ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 13:14:21 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

rtb-h Show response
sync-t1.taboola.com/sg/spotx-rtb-network/1/ Frame E18A
Redirect Chain

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d38e05e2-292e-11ed-8650-1348667f0106&orig=video&us_privacy=1---gdpr=1&

0
98 B

27ms
26ms

Script
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d38e05e2-292e-11ed-8650-1348667f0106&orig=video&us_privacy=1---gdpr=1&
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7RkMCFgMdofPxc55SfAQdofPxc55SfAUAAAAGBuIHJGWYGBaW3Wqt8SxXa9FqM1srN47dWjccjCYu3243M5mGQFKGiWFh2a3WGs9ytRatNrO1cuPYrXXDwWji8u12M5NpDUloOh0-171e9_vdRUfLy2F6O-0uy11v-fk1D7fh7LILjob_4j2aeGzL1cZmWzlnjo3JtDCNfCOPYzFcmWwO58pkBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NACiOBnGYDLqn2eS6-1x2fwAAAACAAAAAAJAADJBWlwBQuJyc_P_________HDNBn3sj8____3xj0ADz4ADwIAQAAfAwVq16bP60ZhhMVzBYxAgAAAMiW0544mtQJlUXV__9_vxXAFQBAgCB9QnRNlu6gxFsYAABAgNhwiGqKr2iGxtgCPSx-v9lh1_jdLvv_________N_s_-0cTYtILTwuCqB9W-wUEAFj7BQQAYFM3AIA3AbiQ40DT6fC57vW63-8uOlpeDtPbaXdZ7nrLzy86glYMBqszoN1wNZrMDgAAAODu____H284RDXFVzRDQw-ELBOXw2Uabhwex8K0WS6Gs43J5FwOVxPjZDZcbu_RJj5JYvX3z2_CFqPVZLJZDmfLxWQwHA1Ho_0NxGA1wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDREmFyYJsOZc-QWzRaGtWg2Mq2Vy8HGLVsYlwuTYznyzFZu0etjehiGK9Nk40XBAJm9SJ4W6USyGA43LsfMZlitbIvRxuIY7BbOkcU2WxknppFtIpZoThbpRHbZlywTl8NlGm4cHsfCtFkuhrONyeRcDlcT42Q2XO6bC9NkOHOO3KLZwrAWzUamtXI52LhlC-NyYXIsR57Zyi16fUwPw3Blmmz8jdlssVwtZrPBvjGbLZarxWw22HeYTM_U52x0TY9-j8rhFG4b2pvDoHAZLN6fxLSYdmcH0cl3dOqkKmVRZ_TdukevQeE5eFTD63IZnh4X3-bPoHAcDIpYIrhIJyKn5_H6vHVPk89lemseNpfpeXbZXmbLYOy3-0wPp9mwnIglStNFOtFrHm7D2WUXHA0XsURwukgnopfxdFH_0UEWu7liMZpLFsO5YrlKAAAAAAAAAABLmDNvAgAAAHAayGY4HKzWeRCbyWS1WS0X4EFdQhcYBAAAAAAAYJfDcJl3ZwdCrLjx4xJyeh6vz1v3NPlcprfmYXOZnmeX7WW2DMZ-u8_0cJoNyykDPDgtMm_-TBBrtVrWAAAAAtgAAAAB3Lp5CyCL4v_____jAAAAZOToAQAAxPeBQCj1wo9cKfgJcDUYDg!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:14:21 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 25515

Redirect headers

Date: Wed, 31 Aug 2022 13:14:21 GMT
Server: nginx
Location: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=d38e05e2-292e-11ed-8650-1348667f0106&orig=video&us_privacy=1---gdpr=1&
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 78
Connection: keep-alive
Content-Length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 60ms
60ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220829&jk=2067061859819734&bg=!SEulSw_NAAaXrHhMt6w7ACkAdvg8WvRdkqoN0idzPu7HKe-n-iXMvIpTlqA97mBo2G5nyUOguD-NNgIAAABPUgAAAAFoAQeZAqq3QOo4YtFSySOjXInTxOEECw7TUUaD5M9XQBivDYekUrJcfjo7599X4zN9bHpyCbQs1r5IpiHOUOp_33gaWz3_qW9C3UE3YlYiqLs-CT09QjBMMrXnXH3HN9lIPBRSxqIFhiHgsphufcCECyILa0q8EDCu0URzQmfCA0itzkDtaspt3P0KcY1MdqAv8GpbZ_3paR8Dp3t_mMIHa3U1YFLn_v7Z40lz4cr5zWtSVB98ZdfNZfMUS4q8dD4bJSxYwC-s0jxz8YgoWgDeYmadjYU3NDRobz3SSsnaa4AYFjjs9wn8sXMNzOIMzx5KvEPhWiveG6X_dkyqGm3rvD3evxG0kscHwhNzeD4EhFPWoRFTPT99zcJHdzKOOdVvK0yH0IY8jwrPstnsDW4otxxkMF_53D6wf4Ee2N0kkYs3Cyru9fNbs3LeAQUnOyXkgbxsVtLPM_1ZM6Va2yyBmQTddxM1XB_V2Glu8lJpE1UBtH_w-PNq3cGEBOVQeBfN6vZY47PDn4JVklJJT9zlSF8ddqoueqCx3F_Vop59n8oFuAIbPgHGSYFIucUysmGYI-7MQpjYSAo4Xpgrjn5GSa8lUh9-l6-zIMVR1JDU4KFQ6ZUCXsfeUyDXn4wZhNw1o2fMAKJaeJBEYw0ylq52kN1MK-bGwYOKjpAzp0gr8_A9H_8hmoQ1RXLC-uBJpLNuDnpusDzqii0BWsSrBVkC83aujgZft7Dg0hBBY7AFrTE1_YBlI5kJNUAiXsmlhTLL_3q456V72XjYjtgJPVIoT6qZD97wmrC3fkkJAVn7uCtXC-xbjRO-Ox1aJqNvA6c3mIFblyaMUg7c31V865chAORTY1Plg3RAmSDLjFeXseXRyVUB0EbDFIpLdrD5vQacFmrHB2JUyWAtPY_lbKSM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

POST
H2 204 bulk Show response
trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/ Frame ABF8 0
321 B 30ms
30ms XHR
image/gif 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/bulk?tvi2=4948&route=AM%3AAM%3AV&lti=deflated&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220831-3-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.threatminer.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 9
pragma: no-cache
date: Wed, 31 Aug 2022 13:14:21 GMT
via: 1.1 varnish
server: nginx
x-timer: S1661951662.746160,VS0,VE9
x-served-by: cache-hhn4024-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.threatminer.org
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ Frame ABF8 254 B
704 B 21ms
21ms Image
image/png 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 21315
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: bGxiVQJJV6ushs+GurmdUMKcP55jXiZTni4zPfO1R2tT9H40rLWGSHO/uxS9hhOPRniEOikC9As=
x-served-by: cache-hhn4024-HHN
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1661951662.904012,VS0,VE0
date: Wed, 31 Aug 2022 13:14:21 GMT
x-amz-request-id: QQBJB95DTC5C6ET8
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 53
x-cache-hits: 7169

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: reporting.services.disqus.com
URL: https://reporting.services.disqus.com/_log/taboola?placement=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22top%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&is_taboola_named=false&language=en&colorscheme=light&typeface=sans-serif&variant=fallthrough&forum_id=5993718&source_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&organization_id=4448595&taboola_publisher_name=disqus-widget-safetylevel20longtail09&experiment=network_default&mode=thumbnails-a&position=top&shortname=threatminer&referrer_url=https%3A%2F%2Fwww.threatminer.org%2F&canonical_url&q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&1661951658013

Verdicts & Comments Add Verdict or Comment

127 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.threatminer.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 3g02tr4a82t9dbaireeq554hp4
.threatminer.org/	1970-01-20 15:15:11	Name: _ga Value: GA1.2.1684267297.1661951657
.threatminer.org/	1970-01-20 05:40:38	Name: _gid Value: GA1.2.4934461.1661951657
.threatminer.org/	1970-01-20 05:39:11	Name: _gat Value: 1
www.threatminer.org/	1969-12-31 23:59:59	Name: logglytrackingsession Value: 9ec74f66-d26c-42ff-a713-648ce2c6af67
.infolinks.com/	1970-01-20 15:15:11	Name: cuid Value: 85767262-e13f-4614-a7e9-fcc88de9a818
.threatminer.org/	1970-01-20 15:00:47	Name: __gads Value: ID=2abf611f708d6f95-225348cb0dce005e:T=1661951657:RT=1661951657:S=ALNI_MaUVmre7GUmf6icPodSfXJslY4nVQ
.www.threatminer.org/	1970-01-20 15:00:47	Name: __gsas Value: ID=906d74423210f10e:T=1661951658:S=ALNI_MYWjRpdYthO4LSUxrl4Bfy4caw8bA
.doubleclick.net/	1970-01-20 15:00:47	Name: IDE Value: AHWqTUkiKY7z_NZDa_8ncTFzdb5GNGralyBFpZBpnSg2LsigChULzHXgM-ZqlyLGksY
.doubleclick.net/	1970-01-20 05:39:15	Name: DSID Value: NO_DATA
www.threatminer.org/	1970-01-20 14:24:47	Name: trc_cookie_storage Value: taboola%2520global%253Auser-id%3D9a428f9d-46a0-46d4-990c-6a89ad19d36e-tucta08e42c
.tapad.com/	1970-01-20 07:05:35	Name: TapAd_TS Value: 1661951661059
.tapad.com/	1970-01-20 07:05:35	Name: TapAd_DID Value: 3df5f3fe-0204-4020-9f6c-25ff39602c6a
.tapad.com/	1970-01-20 07:05:35	Name: TapAd_3WAY_SYNCS Value:
.spotxchange.com/	1970-01-20 06:19:30	Name: audience Value: d38e05e2-292e-11ed-8650-1348667f0106

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.threatminer.org/sample.php?q=4bc695cf6e9f1cd4a4d7dc118edfa9ed Message: Access to XMLHttpRequest at 'https://reporting.services.disqus.com/_log/taboola?placement=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22top%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&is_taboola_named=false&language=en&colorscheme=light&typeface=sans-serif&variant=fallthrough&forum_id=5993718&source_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&organization_id=4448595&taboola_publisher_name=disqus-widget-safetylevel20longtail09&experiment=network_default&mode=thumbnails-a&position=top&shortname=threatminer&referrer_url=https%3A%2F%2Fwww.threatminer.org%2F&canonical_url&q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&1661951658013' from origin 'https://www.threatminer.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://reporting.services.disqus.com/_log/taboola?placement=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22top%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&is_taboola_named=false&language=en&colorscheme=light&typeface=sans-serif&variant=fallthrough&forum_id=5993718&source_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D4bc695cf6e9f1cd4a4d7dc118edfa9ed&organization_id=4448595&taboola_publisher_name=disqus-widget-safetylevel20longtail09&experiment=network_default&mode=thumbnails-a&position=top&shortname=threatminer&referrer_url=https%3A%2F%2Fwww.threatminer.org%2F&canonical_url&q=4bc695cf6e9f1cd4a4d7dc118edfa9ed&1661951658013 Message: Failed to load resource: net::ERR_FAILED
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20220829/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271802&client=ca-pub-5720763271532377&fa=2&ifi=10&uci=a!a&btvi=4&xpc=HJyNaBkOOe&p=https%3A//www.threatminer.org Message: The resource https://fonts.googleapis.com/css?family=Roboto%3A400%2C700 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.disquscdn.com
abs-0.twimg.com
abs.twimg.com
adservice.google.com
adservice.google.de
am-match.taboola.com
am-vid-events.taboola.com
b1t-nydc1.zemanta.com
bid.g.doubleclick.net
c.disquscdn.com
cdn.taboola.com
cdn.viglink.com
clients1.google.com
cse.google.com
csi.gstatic.com
disqus.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
i.creativecommons.org
images.taboola.com
imasdk.googleapis.com
imprammp.taboola.com
licensebuttons.net
links.services.disqus.com
match.adsrvr.org
pagead2.googlesyndication.com
partner.googleadservices.com
pbs.twimg.com
pixel.tapad.com
platform.twitter.com
r3---sn-4g5lznez.c.2mdn.net
referrer.disqus.com
reporting.services.disqus.com
resources.infolinks.com
router.infolinks.com
rt3047.infolinks.com
s0.2mdn.net
sb.scorecardresearch.com
sync-t1.taboola.com
sync.search.spotxchange.com
syndication.twitter.com
taboola-supply-partners.tremorhub.com
tempest.services.disqus.com
threatminer.disqus.com
tpc.googlesyndication.com
trc.taboola.com
vidstat.taboola.com
vidstatb.taboola.com
wf.taboola.com
www.google-analytics.com
www.google.com
www.googleapis.com
www.googletagservices.com
www.gstatic.com
www.threatminer.org
zem.outbrainimg.com
reporting.services.disqus.com
104.244.42.136
104.244.43.131
13.225.78.39
141.226.228.48
142.250.186.98
151.101.114.132
151.101.128.134
151.101.129.44
151.101.65.44
172.66.41.9
185.94.180.125
199.232.192.134
199.232.192.64
199.232.198.49
2001:4860:4802:32::3
2600:1f18:612b:4216:bf1f:4380:1bf2:c0ae
2600:9000:21f3:ca00:6:8656:f5c0:93a1
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:233:8173:898f:63b3:95c3:79d2
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::6814:9710
2606:4700:10::ac43:73f
2606:4700:20::681a:eeb
2606:4700::6810:a40d
2a00:1450:4001:11::8
2a00:1450:4001:801::2003
2a00:1450:4001:801::200a
2a00:1450:4001:801::200e
2a00:1450:4001:803::2002
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2006
2a00:1450:4001:811::2002
2a00:1450:4001:813::200e
2a00:1450:4001:828::200a
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::200a
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:831::2002
35.227.248.159
35.71.131.137
70.42.32.191
74.125.71.154
0224a11bcc4a7bb6bba5eb4160eeb1de3eadf4c9e9a36d92686aabba1a7c110f
02ce328e0bb8d5fbf1a0591dc168595b09dbb5569454c53b84abc46aec78be94
0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66
051bd41696a497c7891aaa6a93dce72c29739554d4e62fb90105b763be65af0a
07a081c6a38ab09a0163aecaaf77713ffae6e09d06ba1a112efef22e01857ddc
0978cc2c3431f65d379b1f8fba4c27a88d006a1e59d1486965e5ffc57b529b42
099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38
0b646f6a0117000d7a12cb08668222c21cd3ae0194b31cb4a12a60547171e380
0f32dffd9527dbaf143a31a4d853ae7ef258ce4ef6f2de04b9cbe7e838473887
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1
134e72a0492ee9d642a6ff390f13863b40ba3897a14548afbf88baf8c9c2639e
13cb584d2a659e438d0f2927607e03b70402180e7f4df9ce7de3c0d1cdb19ca9
1752c287f6fbbb65e1c982399584bbc9b1e0c46f0dc181cda9b8028dc60c4c01
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
1a99993a2c81fc1b8c536321195c448f9d9666a5665c5746927b4b8dfc351b25
1b2ff27acfa00fae5c6e2fb54b470b3c25c54a1c0872b5cd62c8d645e923d06c
1ba70742aa58c224b753098b48de78c0d7ef3fafe2d8893f6cd92cbe68022e90
1bf5a553d0648ba932acfb3f34078ec6770d350d6ca63f61f19ee1d4d25cff0d
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f42b6c9dab0b73174621c0daba5d82d4f2d841fed05a3784952e660b13fb78b
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
1fb28428f938a351d9d40e3ecf160f1e073e2ec72268229f47b4a495d8a97f45
210c46ade9f779ccabca3cc10547c59d551664d75e7cc54b62adf18e873c3906
222fa391f26a0b6f4b5d8459ada308e078e6d2e69707766e247692a6f45676c8
23bd9d4bdefbe0a79d22e79f48b6d365bb82e01f31858e2f5e9e616ee9898f0a
24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b
2633d6af8749d9a1e8ba7780a9bd6a7e6d42efa3b0969a1f2499f1049bde7632
29e30afd116c44fad14a3833f5a8bca24d57a66a92fc5d3898746b1785e3864f
2a3c041dfc52f52c87207f837c3dbd0b2f0e97a72b90ef6d17ebb72a10782ed8
2adcd0a627dee2ac4ab782a00745d7678e374dc4625ddf673a88121977d77c67
2b0789c3ab7df1f2580e95bb47eb5bb6dc19b4fc5a91b1f1ae1d9484dab534a9
2c27eb38979eee78869d19b69550daca7dbfd23c480de81234044c0bb061bd6b
2d3049aa7cdfb91844f8eebee3a12ef3b26b99ff7ad34026cf0e66431808ac30
2dc80a877e0f26b3c0987b75ef0a5c7b8587e7b6cefdfe5bc4970869d1b91e6e
3120614819b26a2eb6d80b72a5a31bd143499bb9653db71941b6e6a463260eab
31476f477af5411a2350f9cc0824eaf7dab774e9f28665c65be42ddd19932379
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
32e5acf1b97e30e8721e8a3ee93bac752bc702eafd176b57074ea17f07063585
33558069624c6849e3bedf4ef9ead7bf4cef2afdd7ecb64758a660fa4ae5ed8d
36c0ec05d79bd9d3164effc3eca0f1962cd6f82bb1f41cb212e080910be24153
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
376dd78b0a9611070abca5b4dca8c5497cc263a969779273d20c3ee9a1d01711
380c8dd7c2b23d5b7572ed28bb68013004e8b81fd50a43c631475afb9760f5c8
3ab0a74bbd399efdf7c9c9bffb689f0a755fc7131d5af04c8393d45f5163a69b
3b6a72cdedb82436a5cd5c8c0bf4adc0d205a8ea9871b66bc8b9091c9b6d9ac5
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
4052bdc457a2ebf44a0671f11a91ef88f3b70ddfc706b5ae289365877dfd7d75
42307b6e2231b2de1535854ab77c8fd201f88822e3f87ca3c4e8d3624ce65678
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45b3ffadbc785de6091fa798527891eb7264e4d115e3c1a37acb60e3d70d4966
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
4a1b6dc2f5a2d982076bb9749027da81c6c24bad4d6ee899e0aabd627031cb44
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b71222bdc0dd351b946e936f3f5aed39569314c4646ef9bdf800d89f9141839
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4dd81a8cd53de1ae4155c08769c077252fae843edde3773be4dcaf439fdc94b1
4e41e3e48a2644dc2b848be94be3e1c192ee8d9c7ba528a8ca3c094b664f75be
4f517d1ac417e75a3d8818ae63ffe2187e0b3939bfd9f04181fb1267cac69431
50d6e541020cbfdddf888aa2c42ad1c8d2296f9045709983354441032e2eb55d
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
550c70f794c21caec7b018f4ea92bccde373326209cdfe9cdd25e84dc9024f47
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
58b356a7fa32d1990d4280159c5fff67be16ba28299e24f7196a3032a9f3d384
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c716008e2578c6ba824b0ae8c1dd76907f2ef6a5008f15566bc5aa14c7ef647
5ee9e63e519096342d5899e32f1a38b4880ffba6b2aff64178b955a3b7f3a80d
60adb5d029ec8a5d4613d7d57ff8a799c43caae1d1d1c2e5c230d65850fd5273
61723fe95f866398ae8490661ffb77e0fcd3d5eb598eeebb1ed5e593049487e2
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd
653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6796ccb15426d91d3311ea27d429c2d35605243125f7e30fb554271b393a9c27
684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21
697c41fffac431521f2db48c7426ac23b972b6eb7b1242f0bb47d6079884d3a4
6e0e7332cefe3fbb4e030eb0f022a9cae2f56bc7e224f3c2b85117508b8e066e
6fc5e24f50f362ac9281998b69c65d4ad63be9facf941ecae5cf75bf387d85e4
70e638eec586f6ec16bcd225596e40814034c716db62311bebfbb6c27fb19c55
70f53498a31b5816d21cde992682b32b44dced1eb07cbc4718a8e672fa9b4f02
7747173ae0867afea05aba24e5cdeccb30d438445577780791b4cb3348436f8b
7bc18b5718942a0be257c8e21bf09551dc3042b91a222f21f382b98242c0a99f
7d2cdcfb9a06ae6226f06b3cb14c4a53fa0f94ec5048dfb469d6834f6fb4e124
7f9ae5335d4db51a427fcbd9d291958b98ac28713fa8b6dc8de328d9298a8735
8035240ab2133ec1e4a3a3bd95392b4177e686299a01de572ade97084071fe7a
80534a6e1ec41d37acec8be383f8d1112dbbeea31dd51ead47463095c13bff3a
8694c8a1a4955e5984379a027719f8f3cbd952f49ad5fa66ea7af908c742b9a5
878a2c6c7257a40f4bd4a98b8e865f1307fadd09a359b067f19049d6f096a4c3
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a5dc38cec076d349128944270877cc436cf084bb9ea8130ad55a644c40b35f5
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8aeaf60f6f34ced8ed9c83b249bdfc8544cc8f318294074898e6ced1d04e678c
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74
8c5e177c739de2397dccf4c69871865b1db9bb18320909f6b04aaa94cb5946e2
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e5222350bd22079ba76a819e20ccea6be4235110a4b8cebd33564fdda18cab7
8f4d3b47b47a8a31163dad5d7fb15e27a0056d07b0c34c6089fd9225664e847c
901a164342f0df08108d1d071d1a4c6a1265bba8f9f48eec16fe18e7a9c94813
920383b782d3df0447a5f65ff9c095ead1caf82129674a6124a8978dc7bd316d
9248ba4a0edb62b60903814872f619e730319446b950439d7e288093eda5caa8
934abde684325043e16edeffd73752cd5f0ab00b5723d8e47a618ce3f16a3799
95ba7e6379332d6973da820786448cb21073cdd1d200d203934a0f1aa80747c9
964ca65aabf2b0d4c0a2f66737c04c01fa29ee8c9ebe6e78c989e269154cceb2
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9926a0d226b45faff8db829a1c445f33efa6522e213fafed1000365d5abf73df
9df8804be7bc833a0f7bda128387f950072b9c844a13747e22ae6cfdcb515b00
9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1767e117939b584dcd71619f758af4119ef63c6f8c436a5d97f0a2353d66bb7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2b01b5b2147cc06a77995d2d8ec0f67e9735eb110f8d4c0b8dbece2a785f43c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a905062b971bfb70ba70dda1a454d9cb7f7389be7ff515f6eb9009c8e697a34b
a9f41a4b1140893ca4007413bed6edff1014e803ce9d66b9c1ff999c92d263cb
aa26c8bbb26abb9718c7ca1c13f3929589012b8dc67d817e51ed9ff53f8453d7
ac45f9eb04caa3c790d68df06347748c2ce22a15e8d54d6700dd993c33cfc482
ac74cddb007ace18442f5111c4c23125de6031dca42bcead5ea5bfb12d2ca332
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae79a25d5946ffd53f83880ae13a44a7b235c82f3cacb8b3486c5358f8839c73
ae938820655d8afb2bcaac1a4c8e03cb464fd7cf04c3f4c9f9ce7917eae728c0
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b16faf052451dbd71ae93dd1321842a648342f12c1fb6106ebdd501bbd5936e7
b26062aaf4d9653e15f981348b676f1c86336b39b3e0486000dc826afea04b4e
b3d58bcf272258d6dde92e0123d8bd16f3caf1c4a025147c5964fe778e064e6a
b55419ee7a5a390123d1b5be3afcb94141ff388492daae1ae83748f94b85a76d
b72a6d12c7ebacdf3e83c330d60a1f44a51b11761cf13c2c88bcd1eba65778a8
b7ea4141dcd9692c4a213e74a8fa10efa0a08920197a43f09463d8ce0160cc4e
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc16081f9a735eee6268951116cf1fa8577e4a7ae41fbe87785813ff13b78e7c
bd395465ac15978c67b0e9dfc8787ee3c2550b0b2bff5b5944fae483c225ff77
bd50ebd05c794c55ae75b0253f21026e2f94be7d3afff4b803e7f2418732b3fc
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c281d7fafb14a1c259293dd796bf26de849eaba4b48ae2e203fbfcf81d8c361b
c692f0d15d92d902c12d745947ba1f892a76bbf3f74c6f3a9f590afd0653ee04
c6a144dfb544398da6b08bd46c4e98535657fa040dc01f8236c8548d569ddc96
c6cdaf18f2911427fdfbd4ea68b80211d5087f58fbf3a9f0c9459bb4e0103558
c6d8f1eb914be17db9daf198741bc79007179f85c77f8773b982d84f3f206d87
c7d55fb721c0a1bb591d30b6e06f7781fbd13ab200a8aef0fa8df62e455bc0b1
c9640eb2befb4938a64076908c70b3e3b72c1af042b031026e8a981d186ccff7
cdc46119f82b8cc0c4fa0ad51203da3154d0aee0e887aaf26a46988e5f359070
ce610363f04fe4cca353810e625ddfbd36fe829c06297c72c95a4c4b50a455c2
cf168b8d626bde59ab2df042d3dde2c2a42ca958989c9af0df7843557c072b96
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf919e6fbfbf62a4f8cfaab4cf5c5f80e7c10be2bc9f7e4c70142175c0b49b4f
d48d638ed28c442b3b519f386b4c2a7bf3f3a76f20e4c4500cc7c6af5b9b3c3f
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
d65246f2a98e02b32e2a0d80916e65eab499aebe923d078037efd692b31cef58
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d8b28269b52356b04e9b50f17369eb1abbb37635ec2171964568829a49015a6f
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dd65cc22be93ffc5cf52cfedcb9c1a34386b1a2651052937f71daedc5421e13e
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
dfde5485c4fc9e9acca625d86fbeb240c9bd3ab78a395721aae49aa97b091c93
e0dc574fb2b266dba913861d60b0c69d1e41f0fd095a3341a45f26401cd8b6b3
e22e573e5437aaf7d5a283e133a2ac3159a555e91c31f0cdf5182bdf37a0d100
e3a13155ff6fa3d1e25fccc2a0bbce4302b01c21c8b08c5922d70c62ec1b4bac
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e725928ffb665a91ca8a3631e3002edba9b0f9ec66b40a59d53db0f44827e34e
ecee1d502f45731162f99f4d6aa07c0315a26a8382c1b1bc3c9958ab3ff04000
ed99491fe47b5733d1ad2fbf90f5d9066d049a530d1b92ebe47be5e0c527a32e
edb75c328dc364054a6afb3d5fecddde3c6298d89b15c96f9b77858a93d5df4c
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117
ee91e3ee346871abbd9bb130a90522675d3577d82b957e7dac520df815cf9108
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f29dd40df9ac4828ea82db6468144627316bc9a84d472d6a22b5e19a09844aba
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f43d4d35e7ac1e815dc0c8897806e30d928ee62e1aa6ac20f49c649f8b694004
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
faa4174a9de5b70f4234809c9f65280f2214751576362d0493ab676ec96ae2b1
fac55d188233bffb66023997fcdf69c38df2f62ee4654ad62c61a85b6e81d705
fd1edeea8eca5642f5b81136083a330b11f52259e6bf124fb6a4d6f610fb6776

www.threatminer.org Open in urlscan Pro 2606:4700:20::681a:eeb Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

274 Requests

97 %HTTPS

59 %IPv6

27 Domains

58 Subdomains

43 IPs

3 Countries

5261 kBTransfer

15336 kBSize

15 Cookies

10 Outgoing links

Redirected requests

274 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

www.threatminer.org Open in urlscan Pro
2606:4700:20::681a:eeb Public Scan

Screenshot
Live screenshot

Full Image

274
Requests

97 %
HTTPS

59 %
IPv6

27
Domains

58
Subdomains

43
IPs

3
Countries

5261 kB
Transfer

15336 kB
Size

15
Cookies

274 HTTP transactions
11 data transactions