securityaffairs.co Open in urlscan Pro
217.160.0.146 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html/u003ehttps://t.co/t3IqLxdqrl/u003c/e/u003e
Effective URL:
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Submission: On October 09 via api (October 9th 2021, 11:16:07 am UTC) from US — Scanned from DE

Summary HTTP 387 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 88 IPs in 11 countries across 77 domains to perform 387 HTTP transactions. The main IP is 217.160.0.146, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 24th 2021. Valid for: a year.

This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 47	217.160.0.146 217.160.0.146	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
2	142.250.74.200 142.250.74.200	15169 (GOOGLE) (GOOGLE)
1	104.18.11.207 104.18.11.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.224.193.69 13.224.193.69	16509 (AMAZON-02) (AMAZON-02)
1	13.224.193.25 13.224.193.25	16509 (AMAZON-02) (AMAZON-02)
35	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
15	68.183.31.14 68.183.31.14	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
8	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	157.240.236.1 157.240.236.1	32934 (FACEBOOK) (FACEBOOK)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
3	142.250.185.174 142.250.185.174	15169 (GOOGLE) (GOOGLE)
2	3.124.181.115 3.124.181.115	16509 (AMAZON-02) (AMAZON-02)
1	13.224.193.81 13.224.193.81	16509 (AMAZON-02) (AMAZON-02)
1	142.250.184.196 142.250.184.196	15169 (GOOGLE) (GOOGLE)
1	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	157.240.236.15 157.240.236.15	32934 (FACEBOOK) (FACEBOOK)
3	172.67.70.113 172.67.70.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.169.90.17 18.169.90.17	16509 (AMAZON-02) (AMAZON-02)
4	34.102.149.62 34.102.149.62	15169 (GOOGLE) (GOOGLE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	51.89.7.110 51.89.7.110	16276 (OVH) (OVH)
3 9	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
3 5	37.252.172.38 37.252.172.38	29990 (ASN-APPNEX) (ASN-APPNEX)
5	157.245.94.128 157.245.94.128	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 17	37.252.172.45 37.252.172.45	29990 (ASN-APPNEX) (ASN-APPNEX)
24	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
4	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
4	34.107.148.139 34.107.148.139	15169 (GOOGLE) (GOOGLE)
4	69.173.144.143 69.173.144.143	26667 (RUBICONPR...) (RUBICONPROJECT)
4	63.251.14.14 63.251.14.14	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
4	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
3	35.157.16.220 35.157.16.220	16509 (AMAZON-02) (AMAZON-02)
2	18.156.195.47 18.156.195.47	16509 (AMAZON-02) (AMAZON-02)
1	5.178.65.246 5.178.65.246	50673 (SERVERIUS-AS) (SERVERIUS-AS)
29	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
3	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
4	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2 7	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
11	172.217.16.129 172.217.16.129	15169 (GOOGLE) (GOOGLE)
3	142.250.185.68 142.250.185.68	15169 (GOOGLE) (GOOGLE)
5	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2.18.232.130 2.18.232.130	16625 (AKAMAI-AS) (AKAMAI-AS)
1	208.100.17.178 208.100.17.178	32748 (STEADFAST) (STEADFAST)
2	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
7 8	185.29.134.248 185.29.134.248	30419 (MEDIAMATH...) (MEDIAMATH-INC)
5 5	91.228.74.226 91.228.74.226	16509 (AMAZON-02) (AMAZON-02)
9 10	37.157.2.238 37.157.2.238	198622 (ADFORM) (ADFORM)
13 25	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
2 2	213.155.156.169 213.155.156.169	1299 (TWELVE99 ...) (TWELVE99 Twelve99)
8	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
11	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5 5	52.215.67.233 52.215.67.233	16509 (AMAZON-02) (AMAZON-02)
1 1	74.214.196.140 74.214.196.140	19189 (PULSEPOINT) (PULSEPOINT)
1 1	185.86.137.131 185.86.137.131	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	162.55.6.213 162.55.6.213	24940 (HETZNER-AS) (HETZNER-AS)
3 3	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1 1	87.98.128.108 87.98.128.108	16276 (OVH) (OVH)
1	104.26.10.209 104.26.10.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	63.251.232.170 63.251.232.170	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 3	104.18.12.5 104.18.12.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
1	38.91.45.7 38.91.45.7	398989 (DEEPINTENT) (DEEPINTENT)
3	185.64.190.81 185.64.190.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	51.210.112.63 51.210.112.63	16276 (OVH) (OVH)
2 2	52.48.137.92 52.48.137.92	16509 (AMAZON-02) (AMAZON-02)
1 2	104.22.25.87 104.22.25.87	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	159.253.128.188 159.253.128.188	36351 (SOFTLAYER) (SOFTLAYER)
2 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1 2	212.82.100.176 212.82.100.176	34010 (YAHOO-IRD) (YAHOO-IRD)
3 3	18.194.231.4 18.194.231.4	16509 (AMAZON-02) (AMAZON-02)
2 2	18.194.128.57 18.194.128.57	16509 (AMAZON-02) (AMAZON-02)
4 4	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
1	63.215.202.140 63.215.202.140	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	46.228.164.11 46.228.164.11	56396 (AMOBEE) (AMOBEE)
2 2	159.65.197.210 159.65.197.210	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	34.98.107.212 34.98.107.212	15169 (GOOGLE) (GOOGLE)
1	54.194.104.251 54.194.104.251	16509 (AMAZON-02) (AMAZON-02)
2 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
6	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
3 7	69.173.151.90 69.173.151.90	26667 (RUBICONPR...) (RUBICONPROJECT)
1	87.248.118.23 87.248.118.23	203220 (YAHOO-DEB) (YAHOO-DEB)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
2 2	64.202.112.63 64.202.112.63	23352 (SERVERCEN...) (SERVERCENTRAL)
1 1	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
3 3	35.205.207.25 35.205.207.25	15169 (GOOGLE) (GOOGLE)
1	82.113.101.132 82.113.101.132	6805 (TDDE-ASN1) (TDDE-ASN1)
4	116.202.48.214 116.202.48.214	24940 (HETZNER-AS) (HETZNER-AS)
1 2	185.29.134.249 185.29.134.249	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.193.108 151.101.193.108	54113 (FASTLY) (FASTLY)
3	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
1 4	176.9.26.250 176.9.26.250	24940 (HETZNER-AS) (HETZNER-AS)
2 2	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1	185.172.148.128 185.172.148.128	44239 (PROINITY ...) (PROINITY PROINITY)
4	46.236.13.147 46.236.13.147	12703 (PULSANT-AS) (PULSANT-AS)
1 2	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
1	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
1	172.217.18.106 172.217.18.106	15169 (GOOGLE) (GOOGLE)
2	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
1	13.225.87.68 13.225.87.68	16509 (AMAZON-02) (AMAZON-02)
4	52.215.101.139 52.215.101.139	16509 (AMAZON-02) (AMAZON-02)
387	88

47 217.160.0.146 (Germany) 1 redirects

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: 217-160-0-146.elastic-ssl.ui-r.com

securityaffairs.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.11.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-69.fra2.r.cloudfront.net

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-25.fra2.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hblg.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

served-by.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.0.77.2 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.236.1 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-frx5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.174 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.181.115 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-181-115.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-81.fra2.r.cloudfront.net

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f4.1e100.net

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.73.2 (United States)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.236.15 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-shv-02-frx5.facebook.com

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.70.113 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.169.90.17 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-90-17.eu-west-2.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.102.149.62 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 62.149.102.34.bc.googleusercontent.com

navvy.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.7.110 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p23.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 13.248.242.197 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.172.38 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 157.245.94.128 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

prebidserver.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 37.252.172.45 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

pixfuture2-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.143 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 63.251.14.14 (United States)

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.162.133.150 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.157.16.220 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-16-220.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.195.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.178.65.246 (Woerden, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.74.194 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.217.16.129 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f129.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.232.130 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.100.17.178 (United States)

ASN32748 (STEADFAST, US)
PTR: ip178.208-100-17.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.42.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.29.134.248 (United Kingdom) 7 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 91.228.74.226 (United Kingdom) 5 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 37.157.2.238 (Denmark) 9 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 142.250.185.98 (United States) 13 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.115 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.169 (Uppsala, Sweden) 2 redirects

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-169.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.215.67.233 (Dublin, Ireland) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-67-233.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.214.196.140 (Sunnyvale, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.131 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.6.213 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.213.6.55.162.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (United Kingdom) 3 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.98.128.108 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip108.ip-87-98-128.eu

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.10.209 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.251.232.170 (United States)

ASN29791 (VOXEL-DOT-NET, US)
PTR: ams-mon-1.sys.adgear.com

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.12.5 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.44 (United States) 1 redirects

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.91.45.7 (United States)

ASN398989 (DEEPINTENT, US)

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.210.112.63 (France) 3 redirects

ASN16276 (OVH, FR)
PTR: pikafka-3.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.48.137.92 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-137-92.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.22.25.87 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.253.128.188 (Amsterdam, Netherlands) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: bc.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.82.100.176 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: pr-bh-ing.pbp.vip.ir2.yahoo.com

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.194.231.4 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-231-4.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.128.57 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-128-57.eu-central-1.compute.amazonaws.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.66.49 (United States) 4 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.215.202.140 (Amsterdam, Netherlands)

ASN41041 (VCLK-EU-SE, US)
PTR: ams01-login.dotomi.com

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.25 (Portsmouth, United Kingdom) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.65.197.210 (Amsterdam, Netherlands) 2 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.107.212 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 212.107.98.34.bc.googleusercontent.com

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.104.251 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-104-251.eu-west-1.compute.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 69.173.151.90 (United States) 3 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.248.118.23 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)
PTR: e2.ycpi.vip.deb.yahoo.com

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.63 (United States) 2 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.205.207.25 (Brussels, Belgium) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 25.207.205.35.bc.googleusercontent.com

ads.avads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.113.101.132 (Hanau, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.o2online.de

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 116.202.48.214 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.214.48.202.116.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.134.249 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.108 (United States)

ASN54113 (FASTLY, US)

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.37 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

fra1-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 176.9.26.250 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.250.26.9.176.clients.your-server.de

hal900014.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.239.193.130 (France) 2 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.198.250.30 (Schwaig, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.172.148.128 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.236.13.147 (United Kingdom)

ASN12703 (PULSANT-AS, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.106 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f106.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.87.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-68.fra2.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.215.101.139 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-101-139.eu-west-1.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	securityaffairs.co 1 redirects securityaffairs.co	1 MB
43	media.net contextual.media.net lg3.media.net navvy.media.net prebid.media.net hblg.media.net	375 KB
40	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	724 KB
34	doubleclick.net 16 redirects googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net 5994599.fls.doubleclick.net	43 KB
32	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com image4.pubmatic.com simage4.pubmatic.com	48 KB
31	adnxs.com 5 redirects secure.adnxs.com ib.adnxs.com acdn.adnxs.com cdn.adnxs.com fra1-ib.adnxs.com	141 KB
24	openx.net pixfuture2-d.openx.net eu-u.openx.net us-u.openx.net	6 KB
23	pixfuture.com served-by.pixfuture.com cdn.pixfuture.com prebidserver.pixfuture.com	525 KB
13	rubiconproject.com 3 redirects fastlane.rubiconproject.com eus.rubiconproject.com token.rubiconproject.com pixel.rubiconproject.com	17 KB
11	mathtag.com 8 redirects sync.mathtag.com tags.mathtag.com pixel.mathtag.com	6 KB
11	wp.com i0.wp.com i1.wp.com stats.wp.com i2.wp.com pixel.wp.com	49 KB
10	adform.net 9 redirects c1.adform.net	5 KB
9	adsrvr.org 3 redirects match.adsrvr.org	3 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net hal900014.redintelligence.net	55 KB
7	google.com adservice.google.com www.google.com	3 KB
7	yahoo.com 3 redirects c2shb.ssp.yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com ads.yahoo.com	4 KB
6	2mdn.net s0.2mdn.net	180 KB
5	webgains.io analytics.webgains.io api.webgains.io	51 KB
5	bidr.io 5 redirects match.prod.bidr.io	2 KB
5	quantserve.com 5 redirects pixel.quantserve.com	2 KB
5	33across.com ssc.33across.com ssc-cms.33across.com	764 B
5	sharethis.com ws.sharethis.com platform-api.sharethis.com l.sharethis.com buttons-config.sharethis.com	50 KB
4	webgains.com track.webgains.com	7 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com	4 KB
4	everesttech.net 4 redirects sync-tm.everesttech.net	1 KB
4	sonobi.com apex.go.sonobi.com	3 KB
4	lijit.com ap.lijit.com	3 KB
4	google-analytics.com www.google-analytics.com google-analytics.com	39 KB
3	avads.net 3 redirects ads.avads.net	950 B
3	bidswitch.net 3 redirects x.bidswitch.net	2 KB
3	onaudience.com 3 redirects pixel.onaudience.com	1 KB
3	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	2 KB
3	google.de adservice.google.de	1 KB
3	googleadservices.com partner.googleadservices.com	769 B
3	sharethrough.com btlr.sharethrough.com	343 B
3	criteo.com gum.criteo.com dis.criteo.com	963 B
2	gstatic.com fonts.gstatic.com	32 KB
2	medialead.de 2 redirects pv.medialead.de	2 KB
2	zemanta.com 2 redirects b1sync.zemanta.com	1 KB
2	bidtheatre.com 2 redirects match.adsby.bidtheatre.com	1 KB
2	sitescout.com 2 redirects pixel-sync.sitescout.com	947 B
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	simpli.fi 1 redirects um.simpli.fi	1 KB
2	zeotap.com 1 redirects spl.zeotap.com mwzeom.zeotap.com	904 B
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1 KB
2	taboola.com 1 redirects trc.taboola.com match.taboola.com	558 B
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	de17a.com 2 redirects d5p.de17a.com	637 B
2	facebook.net connect.facebook.net	77 KB
2	googletagmanager.com www.googletagmanager.com	72 KB
1	ad-server.eu ad-server.eu	312 B
1	office-partner.de adv.office-partner.de	1 KB
1	media01.eu pb.media01.eu	629 B
1	o2online.de portal.o2online.de	609 B
1	rfihub.com 1 redirects a.rfihub.com	1 KB
1	gumgum.com rtb.gumgum.com	238 B
1	playground.xyz 1 redirects ads.playground.xyz	487 B
1	turn.com 1 redirects ad.turn.com	518 B
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	deepintent.com match.deepintent.com	44 B
1	adgrx.com cm.adgrx.com	408 B
1	ad4m.at ad4m.at	974 B
1	erne.co 1 redirects green.erne.co	327 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	535 B
1	loopme.me 1 redirects csync.loopme.me	217 B
1	smartadserver.com 1 redirects rtb-csync.smartadserver.com	755 B
1	contextweb.com 1 redirects bh.contextweb.com	497 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	501 B
1	googletagservices.com www.googletagservices.com	38 KB
1	e-planning.net ads.us.e-planning.net	92 B
1	rlcdn.com api.rlcdn.com Failed id.rlcdn.com
1	id5-sync.com id5-sync.com	536 B
1	agkn.com aa.agkn.com
1	facebook.com graph.facebook.com	662 B
1	gravatar.com secure.gravatar.com	1 KB
1	googleapis.com fonts.googleapis.com Failed	1 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
387	77

	Domain	Requested by
47	securityaffairs.co	1 redirects securityaffairs.co
29	pagead2.googlesyndication.com	cdn.pixfuture.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
25	cm.g.doubleclick.net	13 redirects eu-u.openx.net googleads.g.doubleclick.net
24	contextual.media.net	securityaffairs.co contextual.media.net cdn.pixfuture.com
17	ib.adnxs.com	2 redirects cdn.pixfuture.com acdn.adnxs.com googleads.g.doubleclick.net
15	served-by.pixfuture.com	securityaffairs.co cdn.pixfuture.com pagead2.googlesyndication.com
12	eu-u.openx.net	cdn.pixfuture.com eu-u.openx.net
11	simage2.pubmatic.com	ads.pubmatic.com
11	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net
10	c1.adform.net	9 redirects ads.pubmatic.com
10	lg3.media.net	securityaffairs.co contextual.media.net
9	match.adsrvr.org	3 redirects cdn.pixfuture.com eu-u.openx.net
8	image2.pubmatic.com	ads.pubmatic.com
8	us-u.openx.net	eu-u.openx.net
8	sync.mathtag.com	7 redirects securityaffairs.co
6	s0.2mdn.net	securityaffairs.co s0.2mdn.net
5	match.prod.bidr.io	5 redirects
5	pixel.quantserve.com	5 redirects
5	acdn.adnxs.com	cdn.pixfuture.com securityaffairs.co
5	ads.pubmatic.com	cdn.pixfuture.com ads.pubmatic.com
5	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
5	prebidserver.pixfuture.com	cdn.pixfuture.com
5	secure.adnxs.com	3 redirects
4	api.webgains.io	analytics.webgains.io
4	track.webgains.com	securityaffairs.co
4	hal900014.redintelligence.net	1 redirects securityaffairs.co hal900014.redintelligence.net
4	hal9000.redintelligence.net	securityaffairs.co hal900014.redintelligence.net
4	pixel.rubiconproject.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	sync-tm.everesttech.net	4 redirects
4	adservice.google.com	pagead2.googlesyndication.com 5994599.fls.doubleclick.net
4	apex.go.sonobi.com	cdn.pixfuture.com
4	ap.lijit.com	cdn.pixfuture.com
4	fastlane.rubiconproject.com	cdn.pixfuture.com
4	prebid.media.net	cdn.pixfuture.com
4	ssc.33across.com	cdn.pixfuture.com
4	pixfuture2-d.openx.net	cdn.pixfuture.com
4	hbopenbid.pubmatic.com	cdn.pixfuture.com
4	navvy.media.net	contextual.media.net
4	i0.wp.com	securityaffairs.co
3	fra1-ib.adnxs.com	cdn.pixfuture.com securityaffairs.co cdn.adnxs.com
3	ads.avads.net	3 redirects
3	token.rubiconproject.com	3 redirects
3	x.bidswitch.net	3 redirects
3	pixel.onaudience.com	3 redirects
3	www.google.com	tpc.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	partner.googleadservices.com	pagead2.googlesyndication.com
3	btlr.sharethrough.com	cdn.pixfuture.com
3	cdn.pixfuture.com	served-by.pixfuture.com cdn.pixfuture.com securityaffairs.co
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	i1.wp.com	securityaffairs.co
2	fonts.gstatic.com	fonts.googleapis.com
2	5994599.fls.doubleclick.net	1 redirects securityaffairs.co
2	pv.medialead.de	2 redirects
2	tags.mathtag.com	1 redirects securityaffairs.co
2	b1sync.zemanta.com	2 redirects
2	googleads4.g.doubleclick.net	securityaffairs.co
2	match.adsby.bidtheatre.com	2 redirects
2	pixel-sync.sitescout.com	2 redirects
2	rtb.mfadsrvr.com	2 redirects
2	pr-bh.ybp.yahoo.com	1 redirects ads.pubmatic.com
2	ups.analytics.yahoo.com	2 redirects
2	um.simpli.fi	1 redirects ads.pubmatic.com
2	sync.crwdcntrl.net	2 redirects
2	image4.pubmatic.com	ads.pubmatic.com
2	a.tribalfusion.com	1 redirects googleads.g.doubleclick.net
2	sync.1rx.io	2 redirects
2	d5p.de17a.com	2 redirects
2	eus.rubiconproject.com	cdn.pixfuture.com eus.rubiconproject.com
2	c2shb.ssp.yahoo.com	cdn.pixfuture.com
2	gum.criteo.com	cdn.pixfuture.com
2	pixel.wp.com	securityaffairs.co
2	l.sharethis.com	ws.sharethis.com securityaffairs.co
2	connect.facebook.net	securityaffairs.co connect.facebook.net
2	www.googletagmanager.com	securityaffairs.co adv.office-partner.de
1	simage4.pubmatic.com	ads.pubmatic.com
1	analytics.webgains.io	track.webgains.com
1	ad-server.eu	securityaffairs.co
1	adv.office-partner.de	hal900014.redintelligence.net
1	pb.media01.eu	hal900014.redintelligence.net
1	cdn.adnxs.com	cdn.pixfuture.com
1	pixel.mathtag.com	securityaffairs.co
1	portal.o2online.de
1	a.rfihub.com	1 redirects
1	id.rlcdn.com
1	ads.yahoo.com
1	rtb.gumgum.com	ads.pubmatic.com
1	ads.playground.xyz	1 redirects
1	ad.turn.com	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	mwzeom.zeotap.com	ads.pubmatic.com
1	spl.zeotap.com	1 redirects
1	match.deepintent.com	ads.pubmatic.com
1	match.taboola.com	ads.pubmatic.com
1	trc.taboola.com	1 redirects
1	s.tribalfusion.com	ads.pubmatic.com
1	cm.adgrx.com	ads.pubmatic.com
1	ad4m.at	ads.pubmatic.com
1	green.erne.co	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	csync.loopme.me	1 redirects
1	rtb-csync.smartadserver.com	1 redirects
1	bh.contextweb.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	hblg.media.net	contextual.media.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	image6.pubmatic.com	ads.pubmatic.com
1	ssc-cms.33across.com	cdn.pixfuture.com
1	ads.us.e-planning.net	cdn.pixfuture.com
1	id5-sync.com	cdn.pixfuture.com
1	aa.agkn.com	cdn.pixfuture.com
1	graph.facebook.com	securityaffairs.co
1	i2.wp.com	securityaffairs.co
1	secure.gravatar.com	securityaffairs.co
1	google-analytics.com	securityaffairs.co
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	fonts.googleapis.com	securityaffairs.co hal900014.redintelligence.net
1	stats.wp.com	securityaffairs.co
1	platform-api.sharethis.com	securityaffairs.co
1	ws.sharethis.com	securityaffairs.co
1	maxcdn.bootstrapcdn.com	securityaffairs.co
0	api.rlcdn.com Failed	cdn.pixfuture.com
387	124

This site contains links to these domains. Also see Links.

Domain
www.pixfuture.com
oag.ca.gov
twitter.com
www.facebook.com
www.linkedin.com
www.pinterest.com
plus.google.com
www.tumblr.com
www.cssii.unifi.it

Subject Issuer	Validity	Valid
www.securityaffairs.co GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-24` - `2022-04-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
sharethis.com Amazon	`2021-07-19` - `2022-08-17`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
*.pixfuture.com Sectigo RSA Domain Validation Secure Server CA	`2019-12-03` - `2021-12-02`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-19` - `2021-10-17`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-09` - `2021-12-07`	3 months	crt.sh
*.id5-sync.com R3	`2021-10-05` - `2022-01-03`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2021-09-28` - `2021-12-27`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-30` - `2022-02-23`	6 months	crt.sh
ads.us.e-planning.net R3	`2021-10-09` - `2022-01-07`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google.de GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-03-11` - `2022-02-07`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.pbp.bf2.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-18` - `2021-11-17`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-09-27` - `2021-11-17`	2 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.o2online.de DigiCert TLS RSA SHA256 2020 CA1	`2021-01-19` - `2022-02-19`	a year	crt.sh
redintelligence.net R3	`2021-08-20` - `2021-11-18`	3 months	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2021-06-29` - `2022-07-07`	a year	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-27` - `2022-05-27`	a year	crt.sh
adv.office-partner.de R3	`2021-09-08` - `2021-12-07`	3 months	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-20`	a year	crt.sh
ad-server.eu R3	`2021-08-17` - `2021-11-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.webgains.io Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh

This page contains 66 frames:

Primary Page: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Frame ID: 41212EEB9664D9174DBD9E04A2E8C5D9
Requests: 151 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 480E4A91818B6BBCF8FF16FF9865DAF6
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 6ED5923AB23BCA33B55548093D5C1296
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: C86ADEB2628628932431A57C193908FD
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: DEA4F1B4F30AE34521F97136A9D2DAE9
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV72800.js
Frame ID: F9DC08649B40B5B3D9EAA4C7CEBD763E
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV72800.js
Frame ID: 32EAC8D29C35CC3864E65245C50026DE
Requests: 7 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV72800.js
Frame ID: E6A9214787B5B72C8880B7A65024D4E8
Requests: 7 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV72800.js
Frame ID: 86906697E96C1EB43B413B73FCF1C3B8
Requests: 7 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Frame ID: A51AD205E37B6EF16362816F5C301F68
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 462EFBB191F359F8139D51FEAE0B53F2
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 7599EADF054B98BF4D573F1EA9DA1028
Requests: 2 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php
Frame ID: 0C9E90A68828279EA8E294BEC5FDAC53
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 239C53977500A449A8453051DAD4F39B
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 00A45FE9199642F863712C71BE352213
Requests: 8 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php
Frame ID: 26D5BE4C0DDD8DCD4D48E9D18B9C1F2E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745092&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1633778162&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633778162262&bpp=8&bdt=109&idt=78&shv=r20211006&mjsv=m202110040101&ptt=5&saldr=sa&cookie=ID%3Df9f437f666c7ffce-22b4ae64eeca0094%3AT%3D1633778162%3ART%3D1633778162%3AS%3DALNI_MY9UAQjQQYm-0JVXJ6tr5HmuXY-PA&correlator=1204277754316&frm=21&ife=1&pv=1&ga_vid=1856466030.1633778161&ga_sid=1633778163&ga_hid=778416054&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=2765223853&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=824065045266497&pem=643&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.4txy29lqthuf&fsb=1&xpc=asoepayFyQ&p=https%3A//securityaffairs.co&dtd=263
Frame ID: 60920B526AE1B672475A75841D72D7AE
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 8AFF3714461122FDC8F810BEF739B960
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0365E74CA91941B6CE9C955EC5E1801C
Requests: 2 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: D905D5C0C8F567C64D494CC3FE279A3F
Requests: 7 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 0489FF0BA378D1E2E78E870583EE885A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: E8BE7540D34FCB48BA8F3A076573D596
Requests: 24 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: D87009FECBCDECE237C82F2F0F496B38
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 13BA29C0D47A82026BD42B53B696ABF5
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: C76A2F0B17F2B2FCBA61ACE8F637FC6A
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: 607D40F3B3296E1BC0F829EE1075F53F
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: BA9EF3A8B8EBB246387EE8C629D448AD
Requests: 3 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: B2A065CFF71F69B996D8747C0AF13FA1
Requests: 7 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: A1AAD79409268C2116601EE13683A38A
Requests: 2 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 7F936DC46382735F0D34FA267FC999DB
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: F671E70806B324FE544F8FA148F97FF3
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: F25BCF77C588316F6AA16466EDCE0D55
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: FAC6CEF3FF37F51F29EFD432DD793526
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: D2CB09196747FD925B5FD1752EF8E11D
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 7E04D9894DEE82D8C240B936E8719569
Requests: 10 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 033770A8888090A396789961C7912AAA
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 9DC1C02AA165C831197008880B6258DC
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 238EABD463EE2FD070AA3C9812D65F5D
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 48A3088359C8D18BEA525F4C240F3A4C
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARja4eioATAB&v=APEucNVCv7-giCXbttEyCDu2nV8ZoWG5U8Y4hHdEBb9ku-NBwMypJxr9dnoO_9GfWmQs8b7pPHVXCvL2wUD8vS5D0ztp6zikcnAmmhHdv1yZpbGnfNzh3IfdSIiy_JI1RtYbgw7HqZ1_xZ55egCQ_pM-IlZ9Ygoyqoy7VMRPZft9jG21-uE4eYe4RI958Y0-KFGde2wWIgBo8Wa8PoZmMs63ZIHiePXP0g
Frame ID: CECC4BB005E0FEE114F6955FC6D405F4
Requests: 5 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F
Frame ID: 3D4D2299DC3A2F08BE171676E0B1DCE3
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7140338647569015128
Frame ID: D6AAA88D171650328770D1D0494CF63A
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 5FB8EF31E7A34B9097C9BF36A89F9E25
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7017023779005855887
Frame ID: B3E384559B21C3989C90D3B88D002B92
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AADxZE7CwvQAABTBqaEewA
Frame ID: 86C912A5F64958BEC9A78AAD5952FBBF
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: 6A798757119DD8B9473D9135BE62E34E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-f6363479-2ca0-4c56-9532-fc8569775f81-003
Frame ID: 443356EF8C22CCBDD992EE6CE7CC3FE5
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=WaIEHjm6hM6lSEKGqJqvXniE
Frame ID: A4F727CE7F78F2CFAA4D86F052116FA0
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: B1C8389967704B577E0171005796863D
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 71994960145D295E75594104D69FAACA
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: CBDC1F529F98368CDAC7F2DDD452A730
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=ba4bdfc4-d0d9-4bba-b6e7-037579143302-tuct85aff73&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 4281FCDBE138CC7DE40713248BF9B20D
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: 42DEE049CEA478AD8C49F254F022C0E4
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DD20BBD5EF2F2625A26E9A3D017B4C63
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61693036/20210611045033582/728x090.html?e=69&leftOffset=0&topOffset=0&c=WpEtDZxH9t&t=1&renderingType=2
Frame ID: 3000B5043795541A538C9C942A26BEB1
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 816789DB7B488110FBA295A9B6D889BD
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 57458A44D0965F90D0560F983E27387A
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DB665593B07CD941714BC75FC50B2A6F
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js
Frame ID: E10845F01CF4459059BC7702DE9B0D35
Requests: 1 HTTP requests in this frame

Frame: https://hal9000.redintelligence.net/zone/j7ljeqx6jfhz?subid=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&rnd=8512998400995185129&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:apn&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8512998400995185129%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D
Frame ID: 165FD758A7232152E955C4F7844863A5
Requests: 17 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/banners/320x50.png
Frame ID: D5FD30801D319FB0FCC344875ED81691
Requests: 1 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=58020000051987000951425011742014&actionid=731824&produktid=businessgiro&dt_url=
Frame ID: 185B96C88C792035A2AE00B9D9C4BD73
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 56277164C3D9EC123D78E169B1BBC672
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLLv9_iZvfMCFQ2IUQodBDEGzQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4456980229706.606
Frame ID: A29FF1A1D278F879B1247ED1B1FA382A
Requests: 2 HTTP requests in this frame

Frame: https://hal900014.redintelligence.net/request_content.php?s=58020000051987000951425011742014&a=5114acf7
Frame ID: C02C3BB49C6AFDA849459B5874EBB82B
Requests: 8 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9982&pub_id=1433950
Frame ID: 2F431A16DF4E54A2575F50FA663263DE
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cox Media Group took down broadcasts after a ransomware attackSecurity Affairs

Page URL History Show full URLs

https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html/u003ehttps://t.co/t... HTTP 301
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js
googletagmanager\.com/gtm\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

Twitter Emoji (Twemoji) (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

twemoji(?:\.min)?\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

387
Requests

98 %
HTTPS

0 %
IPv6

77
Domains

124
Subdomains

88
IPs

11
Countries

3987 kB
Transfer

7114 kB
Size

114
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.pixfuture.com/advertisers/?id0348293521d
Title: Powered by pixfuture

Search URL Search Domain Scan URL

URL: https://oag.ca.gov/ecrime/databreach/reports/sb24-546236
Title: breach notification

Search URL Search Domain Scan URL

URL: https://twitter.com/securityaffairs
Title: @securityaffairs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sec.affairs
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html&text=Cox%20Media%20Group%20took%20down%20broadcasts%20after%20a%20ransomware%20attack%20
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&media=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Fwp-includes%2Fimages%2Fmedia%2Fdefault.png

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html

Search URL Search Domain Scan URL

URL: https://www.cssii.unifi.it/vp-89-il-center.html

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html/u003ehttps://t.co/t3IqLxdqrl/u003c/e/u003e HTTP 301
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 128

https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1

Request Chain 129

https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1

Request Chain 184

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.20&adk=3926499402&adf=1480696190&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633778162&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633778161912&bpp=14&bdt=137&idt=138&shv=r20211006&mjsv=m202110040101&ptt=5&saldr=sa&correlator=1204277754316&frm=21&ife=1&pv=2&ga_vid=1856466030.1633778161&ga_sid=1633778162&ga_hid=198858459&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=559665121&scr_x=0&scr_y=0&eid=31063007%2C31062930&oid=2&pvsid=1664643238917587&pem=643&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mkavpnracde0&btvi=1&fsb=1&xpc=bcmds396xt&p=https%3A//securityaffairs.co&dtd=153 HTTP 302
https://served-by.pixfuture.com/www/delivery/afr.php

Request Chain 193

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633778162&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633778162137&bpp=12&bdt=65&idt=90&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3Df9f437f666c7ffce-22b4ae64eeca0094%3AT%3D1633778162%3ART%3D1633778162%3AS%3DALNI_MY9UAQjQQYm-0JVXJ6tr5HmuXY-PA&correlator=1204277754316&frm=21&ife=1&pv=1&ga_vid=1856466030.1633778161&ga_sid=1633778162&ga_hid=311919251&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=2766189974&scr_x=0&scr_y=0&eid=31062938%2C31063076%2C31062949&oid=2&pvsid=3654491880084665&pem=643&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.q95zxfjxc4x7&fsb=1&xpc=vO6nrrJTtQ&p=https%3A//securityaffairs.co&dtd=105 HTTP 302
https://served-by.pixfuture.com/www/delivery/afr.php

Request Chain 226

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=50b16161-79f2-4500-873a-3dd77c9a1fa9

Request Chain 227

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=6c5ncujGN3HymjMg6J58e76eZyLynjV1784qNzt_

Request Chain 228

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3086423681240197753

Request Chain 231

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1

Request Chain 233

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=92566161-79f2-4d00-a08d-d2a061f89f14

Request Chain 234

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=DPLK4w36muAXpp62CKXR5Aj2nbYXopiwD6Cfz0mA

Request Chain 235

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3123134156047603100

Request Chain 238

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1

Request Chain 241

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=085f6161-79f2-4900-9c4b-1d917cc76724

Request Chain 242

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=DPLK4w36muAXpp62CKXR5Aj2nbYXopiwD6Cfz0mA

Request Chain 243

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4937380131954696192

Request Chain 246

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1

Request Chain 247

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=19456161-79f2-4100-bb55-9f4b376f8410

Request Chain 248

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=DPLK4w36muAXpp62CKXR5Aj2nbYXopiwD6Cfz0mA

Request Chain 249

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1252148025849401815

Request Chain 252

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1

Request Chain 267

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7140338647569015128

Request Chain 269

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7017023779005855887

Request Chain 270

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEeFpFN0N3dlFBQUJUQnFhRWV3QQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AADxZE7CwvQAABTBqaEewA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AADxZE7CwvQAABTBqaEewA&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AADxZE7CwvQAABTBqaEewA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=182685407676859629 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AADxZE7CwvQAABTBqaEewA

Request Chain 271

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

Request Chain 272

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6602234288 HTTP 302
https://sync.1rx.io/usersync/tradedesk/82274d85-387b-48ad-b835-767006364a0c HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-f6363479-2ca0-4c56-9532-fc8569775f81-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-f6363479-2ca0-4c56-9532-fc8569775f81-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-f6363479-2ca0-4c56-9532-fc8569775f81-003

Request Chain 273

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=WaIEHjm6hM6lSEKGqJqvXniE

Request Chain 276

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 277

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=ba4bdfc4-d0d9-4bba-b6e7-037579143302-tuct85aff73&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 279

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GqPvzuSsR4GXpkjdq8_Jbw%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 280

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=19456161-79f2-4100-bb55-9f4b376f8410

Request Chain 281

https://pixel.onaudience.com/?partner=214&mapped=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=82274d85-387b-48ad-b835-767006364a0c&icm HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=e41660fc5e3b215ca4490ca56b31a7ce HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=da94984a679036bf HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=c5c0b978-1dd9-440e-5381-fbdb67b5647a&reqId=5b671c37-6d89-4360-7485-d6ba2aaed54e&zcluid=da94984a679036bf&zdid=1332 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEFm8OxY_NF3i-qD2Aqrp_9Y&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=c5c0b978-1dd9-440e-5381-fbdb67b5647a&reqId=5b671c37-6d89-4360-7485-d6ba2aaed54e&zcluid=da94984a679036bf&zdid=1332

Request Chain 282

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MUFBM0VGQ0UtRTRBQy00NzgxLTk3QTYtNDhEREFCQ0ZDOTZG&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 283

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEWbvGxHY5Gu6U_3mYHC-OM&google_cver=1

Request Chain 285

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=82274d85-387b-48ad-b835-767006364a0c

Request Chain 286

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=4937380131954696192

Request Chain 287

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:19456161-79f2-4100-bb55-9f4b376f8410&gdpr=0&gdpr_consent=

Request Chain 288

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=361885755173608966&gdpr=0&gdpr_consent=

Request Chain 289

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=KKL4ZSmqqGYz9qwwLPXjYiymrzAz8qo2K_DcmwV1

Request Chain 290

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-FeSEWh9E2uXge0LXU.dtaesbwCpUAk4-~A&gdpr=0&gdpr_consent=

Request Chain 292

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=caa73cde-4789-4340-af13-3e28019b1b82 HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=caa73cde-4789-4340-af13-3e28019b1b82 HTTP 302
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=307a5f5c-3cd9-4de8-ae76-f909dcc642bd&ssp=pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=caa73cde-4789-4340-af13-3e28019b1b82&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 293

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YWF58wAHu0g07wAR HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YWF58wAHu0g07wAR&gdpr=0&gdpr_consent=&_test=YWF58wAHu0g07wAR

Request Chain 295

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=cd29895b-fe88-4c5e-bcc5-026a88f946c6-616179f3-5553&gdpr=0&gdpr_consent=

Request Chain 296

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3249253400770129919&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 297

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:38dfeb8f-709e-4b05-a52e-55c96511e93f&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 298

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=361885755173608966

Request Chain 301

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDoI-s2w-yfuoKWyejv3_88&google_cver=1

Request Chain 302

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWF586vTKbaTQr25os40xAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDoI-s2w-yfuoKWyejv3_88&google_cver=1

Request Chain 303

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEpZnxNQdkh0idig6iqRiPQ&google_cver=1

Request Chain 304

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYxODg1NzU1MTczNjA4OTY2

Request Chain 309

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VKUEMxRE4tMU0tQUgzUQ==

Request Chain 311

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUJPC1DN-1M-AH3Q&sigv=1&esig=2~641ea9d46d6dc588b9e1b96c99aca680f5e5d69a

Request Chain 312

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/A-qOglJ_YxEewTGgbjqPHcn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1746246494692015619

Request Chain 314

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEL-AMvn9JThrjZiHnqVnQak&google_cver=1

Request Chain 315

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=19456161-79f2-4100-bb55-9f4b376f8410&expires=28

Request Chain 316

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YWF58wAHxJdfEQAT HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YWF58wAHxJdfEQAT&_test=YWF58wAHxJdfEQAT

Request Chain 324

https://um.simpli.fi/gp_match?google_gid=CAESECV85y5KXEqMPyHhIKiUqRo&google_cver=1&google_push=AYg5qPJJzw-feCMOfCFveWEsn2W7GPrChWKb3Cz4KlBciGk787vVAMOnf6pEy1W6KolUnWby4aEmJMnpDzI_BFW03f44d07RzO0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=12D10C4A30C8472EA17F3188AE806124&google_push=AYg5qPJJzw-feCMOfCFveWEsn2W7GPrChWKb3Cz4KlBciGk787vVAMOnf6pEy1W6KolUnWby4aEmJMnpDzI_BFW03f44d07RzO0

Request Chain 325

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESENeME6KRPVTvlmLmm1SYdeo&google_cver=1&google_push=AYg5qPLgm9Zf_BPHYBJstIblul5TPQ6qf93sClkS7ArglMRV3QT0eeD0KQXweUXPgo1f87-eJxlR2JG1J-aCi8V7XOYpiEKGpNs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPLgm9Zf_BPHYBJstIblul5TPQ6qf93sClkS7ArglMRV3QT0eeD0KQXweUXPgo1f87-eJxlR2JG1J-aCi8V7XOYpiEKGpNs

Request Chain 326

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEEKNkqfqCC28Dr2jbDETxXQ&google_cver=1&google_push=AYg5qPJJlqBzj6xNOSBUqH0F-EXArPp8r4-C74II6kMcOI_Sl6Eo-RFpMZoh8phX3yOd4V9mdo7oxJkVR3PJhxwF83fZSKwtQ2k HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEEKNkqfqCC28Dr2jbDETxXQ&google_push=AYg5qPJJlqBzj6xNOSBUqH0F-EXArPp8r4-C74II6kMcOI_Sl6Eo-RFpMZoh8phX3yOd4V9mdo7oxJkVR3PJhxwF83fZSKwtQ2k&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPJJlqBzj6xNOSBUqH0F-EXArPp8r4-C74II6kMcOI_Sl6Eo-RFpMZoh8phX3yOd4V9mdo7oxJkVR3PJhxwF83fZSKwtQ2k&google_hm=Y0tGWVJybDVpTnlpQndFVjhmV3g=

Request Chain 327

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA

Request Chain 328

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEMcO3kCLh43j0lnYvABmyiQ&google_cver=1&google_push=AYg5qPKEKqAIrcbqOHZzvu5xaPeRIRkiXBcu_bJ9lc3m0tOJHnx2SWSXttWj8NPBXHVyS1sawWHHXsMe_m2unQ89hmf8JSpHxD_h HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPKEKqAIrcbqOHZzvu5xaPeRIRkiXBcu_bJ9lc3m0tOJHnx2SWSXttWj8NPBXHVyS1sawWHHXsMe_m2unQ89hmf8JSpHxD_h&google_hm=MTk4NDM2Njk1MDM4NDQ2Mjk2OQ==

Request Chain 329

https://ads.avads.net/sync/ggl?google_gid=CAESEMpN20RJbWj6GgFmKcIjouY&google_cver=1&google_push=AYg5qPJ8vN7Lld5BhP1-tLlOPJLHg8hUiE4oUs67g-Dpqf8MC-QBz4XSB-QQQ2KFiaoHo0u5Mt0mWUavwFDjrPL7pKrLQ6aH2V1e HTTP 302
https://ads.avads.net/sync/ggl?google_gid=CAESEMpN20RJbWj6GgFmKcIjouY&google_cver=1&google_push=AYg5qPJ8vN7Lld5BhP1-tLlOPJLHg8hUiE4oUs67g-Dpqf8MC-QBz4XSB-QQQ2KFiaoHo0u5Mt0mWUavwFDjrPL7pKrLQ6aH2V1e&av_tc=True HTTP 302
https://ads.avads.net/sync/ggl?google_gid=CAESEMpN20RJbWj6GgFmKcIjouY&google_cver=1&google_push=AYg5qPJ8vN7Lld5BhP1-tLlOPJLHg8hUiE4oUs67g-Dpqf8MC-QBz4XSB-QQQ2KFiaoHo0u5Mt0mWUavwFDjrPL7pKrLQ6aH2V1e HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=NGI3MDk5NjYtM2M3NS00MDhjLTk0N2UtNTE2N2RlZmVmYTY4&google_push=AYg5qPJ8vN7Lld5BhP1-tLlOPJLHg8hUiE4oUs67g-Dpqf8MC-QBz4XSB-QQQ2KFiaoHo0u5Mt0mWUavwFDjrPL7pKrLQ6aH2V1e

Request Chain 350

https://tags.mathtag.com/notify/img?exch=apn&s_exch=apn&id=5aW95q2jLzIzLyAvTWpCbVlXRTFaR1F0TkRVMFlpMWhZVFZoTFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg1MTI5OTg0MDA5OTUxODUxMjkvNjYyMjM5NS80NTYyMzEyLzEzL2NJUzVjNmFvZi10Uy1RVGVBVmFiVVVSbUhfUnlKdGFFTUJ1a3k5Sm1zNVkvMS8xMy8wLzAvOTU2ODAzLzM2MzI0OTI0NjIvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzg1MTI5OTg0MDA5OTUxODUxMjkvYW1zLzAvMTA1Ny81NS85OTkvMzIyLzIxNi4xMzEuMTExLjAvMC4wMDAvMTYzMzc3ODE2MS8xNjMzNzkwNzYxLzEzLzk5ODIv/lupX3irSmP23bh3D0gcmKnAUvm8&nodeid=1610&group=cdg&auctionid=8512998400995185129&shardkey=8512998400995185129&sid=4562312&cid=6622395&bp=a_bgafhj&nfy_act=LD5wew&bfip=185.29.132.98&type=imp&client=c2s HTTP 302
https://sync.mathtag.com/sync/img?sync=auto&source=bidder&mt_lim=1&type=1,2

Request Chain 359

https://hal900014.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=689ff1ad6d&subid=&uid=cbe92eb6d0a4c440&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aapn&envData=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&ud=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8512998400995185129%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=7691552050377&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900014.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=689ff1ad6d&subid=&uid=cbe92eb6d0a4c440&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aapn&envData=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&ud=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8512998400995185129%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=7691552050377&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 365

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=58020000051987000951425011742014&t=htlp HTTP 301
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=58020000051987000951425011742014&actionid=731824&produktid=businessgiro&dt_url=

Request Chain 369

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4456980229706.606 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLLv9_iZvfMCFQ2IUQodBDEGzQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4456980229706.606

Request Chain 371

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=58020000051987000951425011742014 HTTP 301
https://ad-server.eu/wm/pb/native.png

387 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request cox-media-group-ransomware.html Show response
securityaffairs.co/wordpress/123136/malware/
Redirect Chain

https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html/u003ehttps://t.co/t3IqLxdqrl/u003c/e/u003e
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

91 KB
24 KB

915ms
915ms

Document
text/html

217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 7cea7dbd2bc506bba6519b6faa5ea9bc523c7b023cf1da951185571512c6f517

Request headers

:method: GET
:authority: securityaffairs.co
:scheme: https
:path: /wordpress/123136/malware/cox-media-group-ransomware.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Sat, 09 Oct 2021 11:15:58 GMT
server: Apache
x-pingback: https://securityaffairs.co/wordpress/xmlrpc.php
link: <https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/123136>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=123136>; rel=shortlink
content-encoding: gzip

Redirect headers

content-type: text/html; charset=UTF-8
location: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
date: Sat, 09 Oct 2021 11:15:58 GMT
server: Apache
x-pingback: https://securityaffairs.co/wordpress/xmlrpc.php
x-redirect-by: WordPress

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 85ms
33ms Script
application/javascript 142.250.74.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-59069958-1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

6f36b69df2c08c4d47f210ca0d258120c359821f7ba751bd8461eef481e902ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39160
x-xss-protection: 0
last-modified: Sat, 09 Oct 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 09 Oct 2021 11:15:59 GMT

GET
H2 200 style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 91 KB
91 KB 40ms
35ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 175437ab2d5703d39c01d0f479b19f9b1569bfb2cf43dca8cbf30ff962f0f48b

Request headers

:path: /wordpress/wp-includes/css/dist/block-library/style.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Fri, 23 Jul 2021 22:11:52 GMT
server: Apache
accept-ranges: bytes
etag: "16cb1-5c7d1b0db415e"
content-length: 93361
content-type: text/css

GET
H2 200 mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 11 KB
11 KB 30ms
26ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

:path: /wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "2bf8-5b61073af996a"
content-length: 11256
content-type: text/css

GET
H2 200 wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 5 KB
5 KB 57ms
53ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

:path: /wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 13 Nov 2019 23:52:08 GMT
server: Apache
accept-ranges: bytes
etag: "1360-597430d7ee92b"
content-length: 4960
content-type: text/css

GET
H2 200 cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 3 KB
3 KB 26ms
22ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.6
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80

Request headers

:path: /wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.6
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 29 Sep 2021 22:16:12 GMT
server: Apache
accept-ranges: bytes
etag: "c25-5cd29ad8a380c"
content-length: 3109
content-type: text/css

GET
H2 200 cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 28 KB
28 KB 34ms
30ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.6
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 1523ddaa632d195a1240668fb5c6870519e3cdfeabd5a346141bcbb03222e2e7

Request headers

:path: /wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.6
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 29 Sep 2021 22:16:12 GMT
server: Apache
accept-ranges: bytes
etag: "7045-5cd29ad8a380c"
content-length: 28741
content-type: text/css

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
6 KB 43ms
18ms Stylesheet
text/css 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617
age: 2594552
cdn-cachedat: 2021-06-08 21:08:57
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: b034e617fbf9c231f9166f3690415fc1
cf-ray: 69b731babc0c21bd-DUS
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 19 KB
20 KB 42ms
39ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 16 Dec 2015 13:54:59 GMT
server: Apache
accept-ranges: bytes
etag: "4d92-52704407f72c0"
content-length: 19858
content-type: text/css

GET
H2 200 tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 539 B
683 B 57ms
54ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "21b-526fe6d7cd700"
content-length: 539
content-type: text/css

GET
H2 200 flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 6 KB
6 KB 38ms
35ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 16 Dec 2015 13:55:09 GMT
server: Apache
accept-ranges: bytes
etag: "1851-5270441180940"
content-length: 6225
content-type: text/css

GET
H2 200 animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 2 KB
2 KB 57ms
32ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "6b4-526fe6d5e5280"
content-length: 1716
content-type: text/css

GET
H2 200 font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 17 KB
18 KB 58ms
28ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "4574-526fe6d5e5280"
content-length: 17780
content-type: text/css

GET
H2 200 swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
5 KB 63ms
26ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "118d-526fe6e527680"
content-length: 4493
content-type: text/css

GET
H2 200 jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 334 B
478 B 60ms
21ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "14e-526fe6d5e5280"
content-length: 334
content-type: text/css

GET
H2 200 screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 110 KB
110 KB 73ms
30ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "1b844-526fe6d7cd700"
content-length: 112708
content-type: text/css

GET
H2 200 custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 12 KB
12 KB 128ms
70ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

:path: /wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
content-type: text/css; charset: UTF-8;charset=UTF-8
server: Apache

GET
H2 200 grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 49 KB
50 KB 87ms
29ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/grid.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 16 Dec 2015 06:58:03 GMT
server: Apache
accept-ranges: bytes
etag: "c5f2-526fe6d6d94c0"
content-length: 50674
content-type: text/css

GET
H2 200 sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 19 KB
19 KB 86ms
29ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=10.2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 8e6479cd4913a87170eb62978960f57a2966a67fe1ce10ece3cbf9ee4097aa70

Request headers

:path: /wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=10.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 06 Oct 2021 04:54:29 GMT
server: Apache
accept-ranges: bytes
etag: "4cb9-5cda7f0f3d183"
content-length: 19641
content-type: text/css

GET
H2 200 social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/ 12 KB
12 KB 85ms
28ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=10.2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

:path: /wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=10.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 06 Oct 2021 04:54:27 GMT
server: Apache
accept-ranges: bytes
etag: "312f-5cda7f0d5e937"
content-length: 12591
content-type: text/css

GET
H2 200 frontend-gtag.js Show response
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 28 KB
28 KB 90ms
33ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.js?ver=1633778159
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: b0534210815c3c9ee7e1df828e0916d2997bf39db55466c2cb7353e423db4499

Request headers

:path: /wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.js?ver=1633778159
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 29 Sep 2021 22:16:15 GMT
server: Apache
accept-ranges: bytes
etag: "6ffc-5cd29adbd0faf"
content-length: 28668
content-type: application/javascript

GET
H2 200 jquery.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 282 KB
282 KB 91ms
31ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

:path: /wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Fri, 23 Jul 2021 22:11:53 GMT
server: Apache
accept-ranges: bytes
etag: "46758-5c7d1b0e12d00"
content-length: 288600
content-type: application/javascript

GET
H2 200 jquery-migrate.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 25 KB
25 KB 88ms
26ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

:path: /wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "62d4-5b61073af5aea"
content-length: 25300
content-type: application/javascript

GET
H2 200 cookie-law-info-public.js Show response
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 34 KB
35 KB 103ms
27ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.6
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 7739eefcdee8afcb00fbe9a35cc795fff0cff7092b10d56c4190484d42892433

Request headers

:path: /wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.6
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 29 Sep 2021 22:16:12 GMT
server: Apache
accept-ranges: bytes
etag: "8960-5cd29ad8a47ac"
content-length: 35168
content-type: application/javascript

GET
H2 200 medianetAdInjector.js Show response
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 562 B
716 B 108ms
23ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

:path: /wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Sat, 08 May 2021 23:27:41 GMT
server: Apache
accept-ranges: bytes
etag: "232-5c1d9e407bb22"
content-length: 562
content-type: application/javascript

GET
H2 200 st_insights.js Show response
ws.sharethis.com/button/ 25 KB
8 KB 25ms
7ms Script
application/javascript 13.224.193.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-69.fra2.r.cloudfront.net
Software: nginx/1.20.1 /
Resource Hash: 5c8bd0c2f891239145b9a187e6490a89c8af9f6b5224cea83884f6c5662d1b48

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 17:14:02 GMT
content-encoding: gzip
server: nginx/1.20.1
age: 64918
etag: W/"612ef1c2-63db"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: FRA2-C1
x-robots-tag: noindex, nofollow
content-length: 7318
x-amz-cf-id: ZAInnQ2v5IS7-QZM6kRzu3pW5WySt33NNp79gB9_5HMjJade_sg-Jw==
expires: Mon, 11 Oct 2021 17:14:01 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 183 KB
41 KB 26ms
7ms Script
text/javascript 13.224.193.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-25.fra2.r.cloudfront.net
Software: /
Resource Hash: b3dca6992b4f8770bc3dba5f82f6325a82d2adabf685da88d950f6fe87b16716

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:07:47 GMT
content-encoding: gzip
age: 492
etag: W/"2dcf1-RQaJcGO9+DuZ32kDJGMESLkOoPg"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 430fc75cac3bdd04869a39405c45fba2.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: X_f-PSSlEoyM6s9RZPtIPci0l8S_nJ2w5m6cJ5mLPzb7wwqL6jIacA==

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 158 KB
53 KB 86ms
69ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f21fba159ea10f7f44c7eee2dfa58ddcb8383529dd0def5dc14bc5495b64dad7

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-mnt-h: 10-5
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
etag: "c805e8a31c9b3163f5c77d9323bc6179"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Sat, 09 Oct 2021 11:16:00 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-16
expires: Sat, 09 Oct 2021 11:21:00 GMT

GET
H2 200 logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 44 KB
44 KB 26ms
26ms Image
image/png 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

:path: /wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 17:30:42 GMT
server: Apache
accept-ranges: bytes
etag: "b0e9-5270743f5f480"
content-length: 45289
content-type: image/png

GET
H2 200 headerbid.js Show response
served-by.pixfuture.com/www/delivery/ 973 B
1 KB 275ms
92ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Tue, 02 Mar 2021 20:36:48 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "603ea1e0-3cd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 973
expires: Mon, 11 Oct 2021 11:16:00 GMT

GET
H2 200 facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 830 B
1 KB 22ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 09 Oct 2021 11:16:00 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:34:29 GMT
server: nginx
etag: "509a053c355d6394"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length: 830
expires: Sat, 11 Jun 2022 08:34:29 GMT

GET
H2 200 twitter.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 9ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Sat, 09 Oct 2021 11:16:00 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "fbafb4fa36d9fc66"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length: 1082
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 linkedin.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 9ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Sat, 09 Oct 2021 11:16:00 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "8daaaf021369fdba"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length: 1184
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 The-Netherlands-flag.jpg
securityaffairs.co/wordpress/wp-content/uploads/2021/10/ 99 KB
100 KB 31ms
28ms Image
image/jpeg 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2021/10/The-Netherlands-flag.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 843f77ef599ca3177f3b2750a31e08e3d2e3eddfcc535756cfde8f6016724d90

Request headers

:path: /wordpress/wp-content/uploads/2021/10/The-Netherlands-flag.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Fri, 08 Oct 2021 11:30:19 GMT
server: Apache
accept-ranges: bytes
etag: "18d1a-5cdd5b448a369"
content-length: 101658
content-type: image/jpeg

GET
H2 200 Gmail-alert.jpg
securityaffairs.co/wordpress/wp-content/uploads/2021/10/ 73 KB
73 KB 29ms
27ms Image
image/jpeg 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2021/10/Gmail-alert.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: b84ddaf19d3b0119177885ed3dc6b4437d400dd0255aa9d76288070beb3a9041

Request headers

:path: /wordpress/wp-content/uploads/2021/10/Gmail-alert.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Fri, 08 Oct 2021 09:04:24 GMT
server: Apache
accept-ranges: bytes
etag: "12438-5cdd3aa6df0bb"
content-length: 74808
content-type: image/jpeg

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 23ms
7ms Script
application/x-javascript 157.240.236.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.236.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-frx5.fbcdn.net

Software

Resource Hash

d72374132784a29267811313b03e07a7482761d0f654fe22befa169a467ab40d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: aILmDFjwMQUUTwjzUr+MKA==
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: mJ8GAD6K/FNZ8V0lmHV2l0fR2h+ae/Wle+J71s2sxbIehNPmxsXV4uaVpAOklRPt+X8w6qNMyY+sa1kOXX3hcQ==
x-fb-trip-id: 917726464
x-fb-content-md5: e4118f4b2a90ce4774beb4a969df824f
x-frame-options: DENY
date: Sat, 09 Oct 2021 11:16:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "68444a0a1f440e2a9a125e1b0ad10bae"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 09 Oct 2021 11:29:04 GMT

GET
H2 200 Russia-linked-nation-state-actor.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/ 11 KB
11 KB 9ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/Russia-linked-nation-state-actor.jpg?resize=300%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

5d0074cbdb9785fbf7a269393a3466e1f2764ebf191469851f1dcee6b4eb0885

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 09 Oct 2021 11:16:00 GMT
x-content-type-options: nosniff
last-modified: Sat, 09 Oct 2021 08:31:47 GMT
server: nginx
etag: "0f4e6c794ef2af37"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2021/10/Russia-linked-nation-state-actor.jpg>; rel="canonical"
content-length: 11212
expires: Mon, 09 Oct 2023 20:31:47 GMT

GET
H2 200 ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 156 KB
157 KB 25ms
25ms Stylesheet
text/css 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 1cc4f4c92b087dcaf73fae7b25faeb55c5b3399e5ccf1d8ac5dbc01231fdb61a

Request headers

:path: /wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 06 Oct 2021 04:54:36 GMT
server: Apache
accept-ranges: bytes
etag: "2719b-5cda7f1621c10"
content-length: 160155
content-type: text/css

GET
H2 200 photon.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 2 KB
2 KB 26ms
26ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

:path: /wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 06 Oct 2021 04:54:29 GMT
server: Apache
accept-ranges: bytes
etag: "6e0-5cda7f0ef7c22"
content-length: 1760
content-type: application/javascript

GET
H2 200 jquery.adrotate.clicktracker.js Show response
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 365 B
519 B 25ms
25ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

:path: /wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Sun, 05 Sep 2021 22:22:00 GMT
server: Apache
accept-ranges: bytes
etag: "16d-5cb46f619b099"
content-length: 365
content-type: application/javascript

GET
H2 200 ssba.js Show response
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
2 KB 25ms
24ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce

Request headers

:path: /wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:59 GMT
last-modified: Wed, 06 Oct 2021 04:54:36 GMT
server: Apache
accept-ranges: bytes
etag: "792-5cda7f1635491"
content-length: 1938
content-type: application/javascript

GET
H2 200 hint.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 987 B
1 KB 28ms
28ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3db-526fe6e433440"
content-length: 987
content-type: application/javascript

GET
H2 200 jquery.tipsy.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
4 KB 26ms
26ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1113-526fe6e433440"
content-length: 4371
content-type: application/javascript

GET
H2 200 jquery.easing.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 27ms
27ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1fa1-526fe6e433440"
content-length: 8097
content-type: application/javascript

GET
H2 200 browser.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 29ms
29ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "a36-526fe6e33f200"
content-length: 2614
content-type: application/javascript

GET
H2 200 jquery.flexslider-min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 21 KB
21 KB 22ms
22ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 13:55:10 GMT
server: Apache
accept-ranges: bytes
etag: "53ae-5270441274b80"
content-length: 21422
content-type: application/javascript

GET
H2 200 waypoints.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 21ms
21ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "1f6c-526fe6e527680"
content-length: 8044
content-type: application/javascript

GET
H2 200 mediaelement-and-player.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 69 KB
70 KB 25ms
25ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 13:55:14 GMT
server: Apache
accept-ranges: bytes
etag: "11571-5270441645480"
content-length: 71025
content-type: application/javascript

GET
H2 200 jquery.swipebox.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 11 KB
11 KB 31ms
31ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "2a67-526fe6e433440"
content-length: 10855
content-type: application/javascript

GET
H2 200 jquery.circliful.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 26ms
26ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "c18-526fe6e433440"
content-length: 3096
content-type: application/javascript

GET
H2 200 jquery.smarticker.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 13 KB
13 KB 24ms
24ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3225-526fe6e433440"
content-length: 12837
content-type: application/javascript

GET
H2 200 custom.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 12 KB
13 KB 24ms
23ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "31d4-526fe6e33f200"
content-length: 12756
content-type: application/javascript

GET
H2 200 wp-embed.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 3 KB
3 KB 25ms
24ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-embed.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Request headers

:path: /wordpress/wp-includes/js/wp-embed.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
accept-ranges: bytes
etag: "c8e-5826f6315ef61"
content-length: 3214
content-type: application/javascript

GET
H2 200 sharing.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 23 KB
23 KB 24ms
24ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: bc29c34d0738c5cb3f96585219667566799d9e142699e982f9406d5b04fa9794

Request headers

:path: /wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 06 Oct 2021 04:54:29 GMT
server: Apache
accept-ranges: bytes
etag: "5a9e-5cda7f0f3d183"
content-length: 23198
content-type: application/javascript

GET
H2 200 e-202140.js Show response
stats.wp.com/ 9 KB
3 KB 22ms
6ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202140.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn
date: Sat, 09 Oct 2021 11:16:00 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Wed, 21 Sep 2022 02:00:41 GMT

GET
H2 200 twemoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 31 KB
31 KB 29ms
27ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e

Request headers

:path: /wordpress/wp-includes/js/twemoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Fri, 23 Jul 2021 22:11:53 GMT
server: Apache
accept-ranges: bytes
etag: "7cdc-5c7d1b0e301c1"
content-length: 31964
content-type: application/javascript

GET
H2 200 wp-emoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 9 KB
9 KB 32ms
30ms Script
application/javascript 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

:path: /wordpress/wp-includes/js/wp-emoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Tue, 31 Mar 2020 22:49:14 GMT
server: Apache
accept-ranges: bytes
etag: "231d-5a22e608152f1"
content-length: 8989
content-type: application/javascript

GET css
fonts.googleapis.com/ 0
0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 69ms
20ms Script
text/javascript 142.250.185.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-59069958-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 1743
date: Sat, 09 Oct 2021 10:46:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sat, 09 Oct 2021 12:46:57 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
340 B 30ms
8ms XHR
text/plain 3.124.181.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1633778160520.12382&hostname=securityaffairs.co&location=%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&title=Cox%20Media%20Group%20took%20down%20broadcasts%20after%20a%20ransomware%20attackSecurity%20Affairs&sop=false&description=American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20was%20hit%20by%20a%20ransomware%20attack%20that%20took%20down%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%202021.%20The%20American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20announced%20it%20was%20hit%20by%20a%20ransomware%20attack%20that%20caused%20the%20interruption%20of%20the%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%20%5B%E2%80%A6%5D
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.181.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-181-115.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:00 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 5b71b64b04b9a500117b1015.js Show response
buttons-config.sharethis.com/js/ 30 B
380 B 26ms
7ms Script
text/javascript 13.224.193.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-81.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:15:14 GMT
via: 1.1 1d67a4c00b06651cb6daa95ec3f21f9b.cloudfront.net (CloudFront)
last-modified: Mon, 13 Aug 2018 16:48:12 GMT
server: AmazonS3
age: 47
etag: "e6e1643313740711175f51662a65b42f"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=60,public
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-length: 30
x-amz-cf-id: GZeTADYyo008COkUtDpWpycSHXsXqqZV08DWK0ol9yqy0oo149xUBw==

GET
H2 200 analytics.js Show response
google-analytics.com/ 48 KB
20 KB 78ms
24ms Script
text/javascript 142.250.184.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 5290
date: Sat, 09 Oct 2021 09:47:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sat, 09 Oct 2021 11:47:50 GMT

GET
H2 200 fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 43 KB
44 KB 25ms
25ms Font
application/font-woff 217.160.0.146
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

:path: /wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
pragma: no-cache
origin: https://securityaffairs.co
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 16 Dec 2015 06:58:09 GMT
server: Apache
accept-ranges: bytes
etag: "ad90-526fe6dc92240"
content-length: 44432
content-type: application/font-woff

GET
H/1.1 204
No Content pview
l.sharethis.com/ 0
315 B 8ms
7ms Image
text/plain 3.124.181.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1633778160520.12382&hostname=securityaffairs.co&location=%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&title=Cox%20Media%20Group%20took%20down%20broadcasts%20after%20a%20ransomware%20attackSecurity%20Affairs&sop=false&description=American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20was%20hit%20by%20a%20ransomware%20attack%20that%20took%20down%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%202021.%20The%20American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20announced%20it%20was%20hit%20by%20a%20ransomware%20attack%20that%20caused%20the%20interruption%20of%20the%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%20%5B%E2%80%A6%5D&description=American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20was%20hit%20by%20a%20ransomware%20attack%20that%20took%20down%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%202021.%20The%20American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20announced%20it%20was%20hit%20by%20a%20ransomware%20attack%20that%20caused%20the%20interruption%20of%20the%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%20%5B%E2%80%A6%5D&img_pview=true
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.181.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-181-115.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:00 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 74 KB
24 KB 244ms
244ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&nse=5&vi=1633778160798066206&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

890104920faf086fe9218e738c8e6778754b99e541be90e355288d0564e93ccc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-6
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Sat, 09 Oct 2021 11:16:00 GMT
x-mnt-w: 8-33, 8-33
content-length: 24291
expires: Sat, 09 Oct 2021 11:16:00 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 480E 15 KB
6 KB 113ms
113ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

35b68a4a6b135e744e7eb4808a90da92cefff01e96c9e78b83b1268fd578e40a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Tue, 12 Apr 2022 11:16:00 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 11 Oct 2021 11:16:00 GMT
date: Sat, 09 Oct 2021 11:16:00 GMT
content-length: 5705

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 54ms
54ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1633778160798066206&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781008&r=1633778160615&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=62651&vgd_rakh=1633778160111034931&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p056649247t202110091116&vgd_pgids=1&vgd_uspa=0&hvsid=00001633778160611036324922889363&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Sat, 09 Oct 2021 11:16:00 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Sat, 09 Oct 2021 11:16:00 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 74 KB
24 KB 202ms
202ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

afa7a0fd1240256862b4a27153fba691db8f15cb53b8c517cd4ed03985f24f36

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-6
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Sat, 09 Oct 2021 11:16:00 GMT
x-mnt-w: 8-32, 8-33
content-length: 24206
expires: Sat, 09 Oct 2021 11:16:00 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 6ED5 15 KB
6 KB 160ms
160ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

35b68a4a6b135e744e7eb4808a90da92cefff01e96c9e78b83b1268fd578e40a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Tue, 12 Apr 2022 11:16:00 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 11 Oct 2021 11:16:00 GMT
date: Sat, 09 Oct 2021 11:16:00 GMT
content-length: 5705

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 62ms
62ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1633778160806578092&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781008&r=1633778160641&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=62651&vgd_rakh=1633778160111034931&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p056649247t202110091116&vgd_pgids=2&vgd_uspa=0&hvsid=00001633778160611036324922889363&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Sat, 09 Oct 2021 11:16:00 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Sat, 09 Oct 2021 11:16:00 GMT

GET
H2 200 f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 1 KB
1 KB 25ms
6ms Image
image/jpeg 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.73.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length: 1186
expires: Sat, 09 Oct 2021 11:21:00 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 75 KB
24 KB 211ms
211ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&nse=5&vi=1633778160556117438&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

2709b0fbb2769245b0c10e8ecc73146c20a2dc63fb1ec2c3e752cc133770ea8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-6
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Sat, 09 Oct 2021 11:16:00 GMT
x-mnt-w: 8-19, 8-11
content-length: 24367
expires: Sat, 09 Oct 2021 11:16:00 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame C86A 15 KB
6 KB 123ms
123ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

35b68a4a6b135e744e7eb4808a90da92cefff01e96c9e78b83b1268fd578e40a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Tue, 12 Apr 2022 11:16:00 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 11 Oct 2021 11:16:00 GMT
date: Sat, 09 Oct 2021 11:16:00 GMT
content-length: 5705

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 51ms
51ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1633778160556117438&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886781008&r=1633778160671&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=62651&vgd_rakh=1633778160111034931&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p056649247t202110091116&vgd_pgids=2&vgd_uspa=0&hvsid=00001633778160669036324922887187&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Sat, 09 Oct 2021 11:16:00 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Sat, 09 Oct 2021 11:16:00 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 74 KB
24 KB 190ms
190ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&nse=5&vi=1633778160811231184&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7db640a19af372b98387a4dd7e775f82e7d8a628600a5f51cc657f45195b8f69

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-6
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Sat, 09 Oct 2021 11:16:00 GMT
x-mnt-w: 8-9, 8-20
content-length: 24256
expires: Sat, 09 Oct 2021 11:16:00 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame DEA4 15 KB
6 KB 132ms
132ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

35b68a4a6b135e744e7eb4808a90da92cefff01e96c9e78b83b1268fd578e40a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Tue, 12 Apr 2022 11:16:00 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 11 Oct 2021 11:16:00 GMT
date: Sat, 09 Oct 2021 11:16:00 GMT
content-length: 5705

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 73ms
73ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1633778160811231184&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781008&r=1633778160684&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=62651&vgd_rakh=1633778160111034931&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p056649247t202110091116&vgd_pgids=2&vgd_uspa=0&hvsid=00001633778160682036324922889364&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Sat, 09 Oct 2021 11:16:00 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Sat, 09 Oct 2021 11:16:00 GMT

GET
H2 200 Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 6 KB
6 KB 8ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Sat, 09 Oct 2021 11:16:00 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "156244085faab7d3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length: 6414
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 securityaffairs-best-european-blog2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/ 10 KB
10 KB 10ms
10ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
x-content-type-options: nosniff
x-bytes-saved: 103276
content-length: 10314
x-nc: HIT hhn 2
last-modified: Tue, 02 Jun 2020 21:29:55 GMT
server: nginx
etag: "c8c3d7b06b174426"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
expires: Fri, 03 Jun 2022 09:29:55 GMT

GET
H2 200 logo-center-for-cybersecurity.jpg
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 7 KB
7 KB 8ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 09 Oct 2021 11:16:00 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "312ff21e46f29f3d"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length: 7482
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 6 KB
6 KB 9ms
9ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Sat, 09 Oct 2021 11:16:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Dec 2020 07:29:12 GMT
server: nginx
etag: "a6fb49f7a00a0498"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length: 6336
expires: Thu, 15 Dec 2022 19:29:12 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 9ms
8ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.2&blog=29506073&post=123136&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=2542&rand=0.519849155377732
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 / Show response
graph.facebook.com/ 244 B
662 B 52ms
37ms Script
text/javascript 157.240.236.15
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.236.15 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-shv-02-frx5.facebook.com

Software

Resource Hash

0188dad421209cf114490d5707942b740bfb080f80412435ce9eb1e5b798dbfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1004529132
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 182
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: wVXbTvFPq4BJi6Z6IpHt4iXSazo0gdna6GkzsyrKtB1Bjuw1CzSsLceKYp4D0nM3WjC65jMdotKvOS3RB8Xtxw==
x-fb-trace-id: Gex/K+V09Pp
date: Sat, 09 Oct 2021 11:16:00 GMT
vary: Origin, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AQRwYo7QPQk7tlxowPPQFa6
cache-control: no-store
facebook-api-version: v4.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 7ms
7ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.7748520671056454
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 264 KB
74 KB 20ms
9ms Script
application/x-javascript 157.240.236.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=8ca56be6b023695c0950313c14ba4e9f

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.236.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-frx5.fbcdn.net

Software

Resource Hash

d4508c1b731b876250e8eeca005948d415eb2453d92213d89aef775c153b3f3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: CQDn4O6zPPKHQ3eX8CEUhQ==
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 76084
x-fb-rlafr: 0
x-fb-debug: 8MXHNjgSVQ9hfNL0tuDmqqGDlQOp3p0H+mBqPjCiOrgP2fotB/9uKsn3TaH12vYlofXhCyl/HHEgCJLPcRFpHQ==
x-fb-content-md5: 7c3c34e630c2b9ca9343580ab59b0eba
x-frame-options: DENY
date: Sat, 09 Oct 2021 11:16:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "e83c90931f6d76a90c55964a70e56d91"
timing-allow-origin: *
priority: u=3,i
expires: Sun, 09 Oct 2022 10:23:31 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 64ms
31ms XHR
text/plain 142.250.185.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1749162991&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ul=en-us&de=UTF-8&dt=Cox%20Media%20Group%20took%20down%20broadcasts%20after%20a%20ransomware%20attackSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1435637901&gjid=1587851718&cid=1856466030.1633778161&tid=UA-59069958-1&_gid=1899131108.1633778161&_r=1&gtm=2oua60&did=dNDMyYj&z=1204478806

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 59ms
30ms XHR
text/plain 142.250.185.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1749162991&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ul=en-us&de=UTF-8&dt=Cox%20Media%20Group%20took%20down%20broadcasts%20after%20a%20ransomware%20attackSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=2032005566&gjid=1380507750&cid=1856466030.1633778161&tid=UA-59069958-1&_gid=1899131108.1633778161&_r=1&_slc=1&z=12361229

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 hb_v2.js Show response
cdn.pixfuture.com/ 33 KB
34 KB 61ms
25ms Script
application/javascript 172.67.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/hb_v2.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.70.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Sep 2021 15:09:43 GMT
server: cloudflare
age: 72363
etag: W/"61533037-84f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v1Xjdpilu5i%2FYYGJDJmI6TKjR07NOOqs6KMN6u6aowmlV1WrBwmLVUwJSVZp8Q8Imcbj2o5LD%2FD8pmTWp%2BBjtFFkagpwmZaBcDPE4ibt1wx%2By4oFLyMzPH%2BRMat%2FroBZbjrU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
expires: Sun, 10 Oct 2021 15:09:56 GMT
cache-control: public, max-age=2678400, no-transform
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69b731c16d733b43-CDG
cf-bgj: minify

GET
H2 200 nrrV72800.js Show response
contextual.media.net/4a/ Frame F9DC 91 KB
30 KB 64ms
64ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV72800.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6886442ba24a2b87df682d7c632eab66"
vary: Accept-Encoding
x-mnet-h: 8-12
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Sat, 09 Oct 2021 11:16:00 GMT
content-length: 30050
expires: Sat, 23 Oct 2021 11:16:00 GMT

GET
DATA 200
OK truncated
/ Frame F9DC 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame F9DC 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet3.woff
contextual.media.net/__media__/fonts/bullet3/ Frame F9DC 2 KB
2 KB 54ms
39ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet3/bullet3.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0bf3f6e79af33723b0c1a822f59a484a35583303ab76fa9227b694b1e719364f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1688
expires: Sun, 10 Oct 2021 11:16:00 GMT

GET
H2 200 nrrV72800.js Show response
contextual.media.net/4a/ Frame 32EA 91 KB
30 KB 64ms
63ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV72800.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6886442ba24a2b87df682d7c632eab66"
vary: Accept-Encoding
x-mnet-h: 8-12
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Sat, 09 Oct 2021 11:16:00 GMT
content-length: 30050
expires: Sat, 23 Oct 2021 11:16:00 GMT

GET
H2 200 1x1.gif
contextual.media.net/__media__/pics/800028474/ Frame 32EA 42 B
205 B 24ms
24ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/__media__/pics/800028474/1x1.gif

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Mon, 04 Jun 2018 10:04:19 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/gif
cache-control: max-age=1157022
accept-ranges: bytes
content-length: 42
expires: Fri, 22 Oct 2021 20:39:42 GMT

GET
DATA 200
OK truncated
/ Frame 32EA 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 32EA 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet13.woff
contextual.media.net/__media__/fonts/bullet13/ Frame 32EA 2 KB
2 KB 36ms
36ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet13/bullet13.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6139b4d0af528ec1d0e26ae865c1ca04ac061d844ffa6ccc9e4adaa3af93a2f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1692
expires: Sun, 10 Oct 2021 11:16:00 GMT

GET
H2 200 nrrV72800.js Show response
contextual.media.net/4a/ Frame E6A9 91 KB
30 KB 43ms
43ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV72800.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6886442ba24a2b87df682d7c632eab66"
vary: Accept-Encoding
x-mnet-h: 8-12
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Sat, 09 Oct 2021 11:16:00 GMT
content-length: 30050
expires: Sat, 23 Oct 2021 11:16:00 GMT

GET
H2 200 1x1.gif
contextual.media.net/__media__/pics/800028474/ Frame E6A9 42 B
205 B 22ms
22ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/__media__/pics/800028474/1x1.gif

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Mon, 04 Jun 2018 10:04:19 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/gif
cache-control: max-age=1157022
accept-ranges: bytes
content-length: 42
expires: Fri, 22 Oct 2021 20:39:42 GMT

GET
DATA 200
OK truncated
/ Frame E6A9 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E6A9 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet13.woff
contextual.media.net/__media__/fonts/bullet13/ Frame E6A9 2 KB
2 KB 17ms
17ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet13/bullet13.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6139b4d0af528ec1d0e26ae865c1ca04ac061d844ffa6ccc9e4adaa3af93a2f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1692
expires: Sun, 10 Oct 2021 11:16:00 GMT

GET
H2 200 nrrV72800.js Show response
contextual.media.net/4a/ Frame 8690 91 KB
30 KB 29ms
29ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV72800.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "6886442ba24a2b87df682d7c632eab66"
vary: Accept-Encoding
x-mnet-h: 8-12
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Sat, 09 Oct 2021 11:16:00 GMT
content-length: 30050
expires: Sat, 23 Oct 2021 11:16:00 GMT

GET
H2 200 pbix.js Show response
cdn.pixfuture.com/ 423 KB
424 KB 25ms
25ms Script
application/javascript 172.67.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/pbix.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.70.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 536386f4e5a08dcde004ad0d24c4ea816a2054ba53f5da25ebb12fa4493f693f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 77498
cf-polished: origSize=433266
cf-bgj: minify
last-modified: Mon, 23 Aug 2021 13:19:22 GMT
server: cloudflare
etag: W/"6123a05a-69c72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tj7LgfdUfXitzjpKtvhQlOICSpWQX1rHg18vLhO73ri%2BIemcRyO7Yk9KJgP02zylKKVtH0kkSfk5M4tD1Fq53vWGGJGmb%2BbeuBWfyG7oQNETH8hG4%2BozSpg9UzhjJ9XnRgd6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2678400, no-transform
cf-ray: 69b731c1ce0e3b43-CDG
expires: Sun, 10 Oct 2021 13:44:09 GMT

GET
H2 400 r.js
aa.agkn.com/adscores/ 0
0 63ms
18ms Script
text/plain 18.169.90.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.90.17 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-90-17.eu-west-2.compute.amazonaws.com
Software: AAWebServer /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
server: AAWebServer
content-type: text/plain
content-length: 22
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 9 KB
9 KB 374ms
191ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=cox,media,group,took,down,broadcasts,after,ransomware,attacksecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 4a7fc41d3a93b893035ad7c9fde8beefd1ba77a7cd79de000d1555e86e2272dc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 11 Oct 2021 11:16:01 GMT

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 9 KB
9 KB 374ms
192ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24270x300x250x4142x_ADSLOT1&keywords=cox,media,group,took,down,broadcasts,after,ransomware,attacksecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: bb21755bd14ce34bcb9ef440e59e48aed5d442ff889787e8061be82b1122ac90

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 11 Oct 2021 11:16:01 GMT

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 9 KB
9 KB 285ms
103ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=cox,media,group,took,down,broadcasts,after,ransomware,attacksecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 4a7fc41d3a93b893035ad7c9fde8beefd1ba77a7cd79de000d1555e86e2272dc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 11 Oct 2021 11:16:01 GMT

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 11 KB
11 KB 447ms
266ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=cox,media,group,took,down,broadcasts,after,ransomware,attacksecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 13d0e1dd4f7c5edd26e3ff420ef4ea62954a33c88db4371829d91ceb76958ac4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 11 Oct 2021 11:16:01 GMT

GET
DATA 200
OK truncated
/ Frame 8690 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8690 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Lato-Regular.woff
contextual.media.net/__media__/fonts/Lato-Regular/ Frame 8690 37 KB
38 KB 144ms
143ms Font
font/woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/Lato-Regular/Lato-Regular.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b7c2309c6e08de495b618ca1d7325a767ce1f1921447efad9eb29fb42824d611

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 38240
expires: Sun, 10 Oct 2021 11:16:01 GMT

GET
H2 200 bullet16.woff
contextual.media.net/__media__/fonts/bullet16/ Frame 8690 2 KB
2 KB 22ms
22ms Font
application/font-woff 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet16/bullet16.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6c567f5f0ea4a8f2b5ef941a4b6b4d4d616e8198a96b6fab88df74a5bc3b5dce

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:00 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 2000
expires: Sun, 10 Oct 2021 11:16:00 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame F9DC 15 B
216 B 13ms
13ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001633778160611036324922889363&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRDO-3ihF_2MSXfJQLiPDA5odoOeL3VmQrkqJQkdvD5ABiNdcyn7XUYYr9oBh5eRYueay1wd-kuxI&lpid=&tsid=1&q=&prv=&type=&ps=&cme=XVK9LqZbwBjjqHCSPVgqGXUlu3Ri2S-xIxIfNTUVnDnycgWioLefMcMT2Mw0el7Kg4fieJMBapvIzvIm7P0TjBsslj1XsStgYiwMtxxrxs0S1ZqaNA0DewsSgKvQm7nGeza1dAsNmhCqR8atP6Vp3g5wgR046hTdzCiNvjelUZbo7_JLHlAuCFrAoPKya-AMZLr7RfSCn5fhbFO0A7X43LZqW-68IewhGWJ3u0eu3CI%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C-nrsaAT2Xj1LE8q9GFkBJefl-gSPkLwEjBRdi3hR1Hq79XbB9dJ6_Xll_kX2syjwtpLtgM7k1NdA8VINCKMeKg8mcNbPdYvE15QF7jBsH_c%3D%7CN7fu2vKt8_s%3D%7CSugUF8l65Xf7fXjPUAL0NlOoiB0sbImL414FC7F2SwjJRGweNAbhRos-AinAVfkyis6MyRDyoB33v8E79fVMjjIg93zUIGdUuCxaRHZ1EgoQvCrgKsMxoGBxZJgo28nHozpf1BeBGvVvHD7p5vIpouPaV4Kz7a3t_DP18lTSse2S2p5IK6kRP9Gexf4e5gyiEPzkh8VuZHK-wg7W8JDQ-Q%3D%3D%7C&hint=&td=&cc=DE&wsip=2886995206&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=WoNWNY&vgde_setid=NW&&rc=0&ksu=207&fdkt=439&kwd[]=Tips%20to%20Prevent%20Ransomware&kwt[]=439&kbc[]=1261626550&kwp[]=1&kid[]=329660538&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D3%7C%7Cps%3D0.966%7C%7Crpc%3D0.56%7C%7Clvl%3D1.00&ktd[]=864693602373472512&kwd[]=Top%20Anti%20-%20Ransomware%20Software&kwt[]=439&kbc[]=1261626550&kwp[]=2&kid[]=330150788&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D3%7C%7Cps%3D0.966%7C%7Crpc%3D0.29%7C%7Clvl%3D1.00&ktd[]=864693602373472512&kwd[]=Malware%20Detection%20Software&kwt[]=439&kbc[]=1261626550&kwp[]=3&kid[]=118382350&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D7%7C%7Cps%3D0.966%7C%7Crpc%3D0.03%7C%7Clvl%3D1.00&ktd[]=2017615106980319488&kwd[]=Best%20Anti-Ransomware%20Software&kwt[]=439&kbc[]=1261626550&kwp[]=4&kid[]=326729916&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D4%7C%7Cps%3D0.966%7C%7Crpc%3D0.12%7C%7Clvl%3D2.25&ktd[]=1152923978525184256&kwd[]=Ransomeware%20Virus%20Removal%20Tool&kwt[]=439&kbc[]=1261626550&kwp[]=5&kid[]=329867252&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D5%7C%7Cps%3D0.966%7C%7Crpc%3D0.05%7C%7Clvl%3D1.00&ktd[]=1441154354676896000&rand=1633778160950&cid=8CU5BD6EW&vwid=1633778160806578092&vi=1633778160806578092&l3ch=1&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1633778160111034931&vgd_l1rhst=contextual.media.net&vgd_lhl=953&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D2%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1633778160640&upk=1633778161.28902&hvsid=00001633778160611036324922889363&verid=4121199&kbbq=%26sde%3D1%26adepth%3D2%26ddepth%3D1%26asn%3D62651&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=18&vgd_pgid=p056649247t202110091116&matm=1633778160956&vgd_ltime=319&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D62651&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_katid=807619797&vgd_katbid=-21&vgd_kals=ttype%3D10002%7C%7Cpc%3D18&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886994110&vgd_nrrsf=nrr&vgd_nrrv=72800&vgd_nrrs=72800&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=325&vgd_y_pos=1784&vgd_ren_page_h=3975&vgd_cty=FRANKFURT&vgd_l1hcsd=N5%7C6737&vgd_sethcsd=N6%7C6640&vgd_cfud=200313&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500434&vgd_optout=0&vgd_l2ch=1&vgd_ect=4g&vgd_rensize=610_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1633777768379676904%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f123136%252fmalware%252fcox-media-group-ransomware.html%26%26katid%3D807619797%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A610%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Sat, 09 Oct 2021 11:16:00 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Sat, 09 Oct 2021 11:16:00 GMT

POST
H2 200 log
navvy.media.net/ Frame F9DC 35 B
207 B 196ms
159ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Sat, 09 Oct 2021 11:16:01 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 32EA 15 B
216 B 11ms
10ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001633778160611036324922889363&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRD34auNiG8JEPPa-sm5Rppa6WI4Qt4I1BoHEB-5EZOQimuricaBQpf6Dn4eT2n3ye5jK0bH1h_I41cXNXQqwOJY%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=RSBTMsOkPqwnLHErsmfFGVYEF4xbhxO0C-OMXYktqgf-m-bM91zJGiwO2Dfrcxxvim5Yg5UW0i2XICYifTFrEnpOUyhEcYc65W7cspNztknI0hT5rzbP2x7hIXuixIcplUtnBmILLLks2EGXPMqTE5N48xOEdUsa6rdJWaMtANOWI7ezTYOKgsgeghhoghT7S8np3iB3V0bYmmPsW2uh7kEnDsPGUvlD7JnWDlZWQHo%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C-nrsaAT2Xj1LE8q9GFkBJefl-gSPkLwEjBRdi3hR1Hq79XbB9dJ6_Xll_kX2syjwtpLtgM7k1NdA8VINCKMeKg8mcNbPdYvE15QF7jBsH_c%3D%7CN7fu2vKt8_s%3D%7CuZz04jJB8q9F03jAyHDOz9d1F6I3EHxjsiYSYaEZZxgIEWzF1nuXjHme2wKHIdFyT3wB38p4j8AEJXkMqcRX52v8GjyEgQaqBzVoigpmoHcIbE_7WUQwr8vHO5I7XZsfMwCTBQP8Iy3JEV41IViZPt1v5Dl6tBBBb6SYDHjCi2q99vJfbVK8FCXgTITZzGdpyCaaLvFKJLULGLtYQ1M9JeUtxeuE5Xyb%7C&hint=&td=&cc=DE&wsip=2886994110&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=WoNWNY&vgde_setid=NW&&rc=0&ksu=207&fdkt=439&kwd[]=Tips%20to%20Prevent%20Ransomware&kwt[]=439&kbc[]=1261626550&kwp[]=1&kid[]=329660538&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D3%7C%7Cps%3D0.966%7C%7Crpc%3D0.56%7C%7Clvl%3D1.00&ktd[]=864693602373472512&kwd[]=Top%20Anti%20-%20Ransomware%20Software&kwt[]=439&kbc[]=1261626550&kwp[]=2&kid[]=330150788&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D3%7C%7Cps%3D0.966%7C%7Crpc%3D0.29%7C%7Clvl%3D1.00&ktd[]=864693602373472512&kwd[]=Ransomeware%20Virus%20Removal%20Tool&kwt[]=439&kbc[]=1261626550&kwp[]=3&kid[]=329867252&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D5%7C%7Cps%3D0.966%7C%7Crpc%3D0.05%7C%7Clvl%3D1.00&ktd[]=1441154354676896000&kwd[]=Best%20Anti-Ransomware%20Software&kwt[]=439&kbc[]=1261626550&kwp[]=4&kid[]=326729916&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D4%7C%7Cps%3D0.966%7C%7Crpc%3D0.12%7C%7Clvl%3D2.25&ktd[]=1152923978525184256&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=439&kbc[]=1261626550&kwp[]=5&kid[]=330029440&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D3%7C%7Cps%3D0.966%7C%7Crpc%3D0.49%7C%7Clvl%3D1.17&ktd[]=864693602373472512&rand=1633778160964&cid=8CU5BD6EW&vwid=1633778160798066206&vi=1633778160798066206&l3ch=1&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1633778160111034931&vgd_l1rhst=contextual.media.net&vgd_lhl=946&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1633778160611&upk=1633778161.28902&hvsid=00001633778160611036324922889363&verid=4121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D62651&vgd_isiolc=1&pid=8PO9OT5EW&katen=1&pc=49&vgd_pgid=p056649247t202110091116&matm=1633778160967&vgd_ltime=361&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D62651&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_katid=807056982&vgd_katbid=-21&vgd_kals=ttype%3D10007%7C%7Cpc%3D49&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886994110&vgd_nrrsf=nrr&vgd_nrrv=72800&vgd_nrrs=72800&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=325&vgd_y_pos=2041&vgd_ren_page_h=3975&vgd_cty=FRANKFURT&vgd_l1hcsd=N5%7C6737&vgd_sethcsd=N6%7C6640&vgd_cfud=200219&vgd_is_amp=0&vgd_optout=0&vgd_l2ch=1&vgd_ect=4g&vgd_rensize=610_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1633777671229752147%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f123136%252fmalware%252fcox-media-group-ransomware.html%26%26katid%3D807056982%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A610%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Sat, 09 Oct 2021 11:16:00 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Sat, 09 Oct 2021 11:16:00 GMT

POST
H2 200 log
navvy.media.net/ Frame 32EA 35 B
97 B 197ms
170ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Sat, 09 Oct 2021 11:16:01 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame E6A9 15 B
216 B 17ms
16ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001633778160682036324922889364&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRD34auNiG8JEPPa-sm5Rppa6WI4Qt4I1BoHEB-5EZOQimuricaBQpf4tFXNlGjEL4ilT_QEeT4pk59xGX2Tf_dA%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=-qkzMpzS_SI-XQF9i2HJLddRxGVhVGVn8ODnL6VOBWCQDjiE8GgA1ctQmWZ7sxmpNt3FdMKwi6WAndz3qa3XoSm9hLLH8mnsskg_O5suy6aJSze_tdmxJnbhTzbR4Bi0rZbSw1bGuGXAhbNJ-P8Gj_m2smk0b5gqSfQozAdL82j4RDMUH29X2SQP9hagaf7ecPQOcnyxNDZTL8ZUUCRCUXIfnhgYcHv08nDmpZ1jOVY%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C-nrsaAT2Xj1LE8q9GFkBJefl-gSPkLwEjBRdi3hR1Hq79XbB9dJ6_Xll_kX2syjwtpLtgM7k1NdA8VINCKMeKg8mcNbPdYvE15QF7jBsH_c%3D%7CN7fu2vKt8_s%3D%7C5g_NE0sT80KnmmUMQgex_tUf0TlsYVspHSzLnL7-6FQyZsW0u0PRJQ8K1u9xn9AFlWBnmHdimxcK6WZAo2wvxlGQcZmZeHmOb4YQ_fmk8qDBsgWm_N6KMGj4wBUmsi13h5hMt3x200b8_1sT4T8U8JdEbPqWLp2MvOx_FuCM4JjpNlKAU9DKFcerr-B2zR4fYLooGZ9vFBOxUJmwKmkTkg%3D%3D%7C&hint=&td=&cc=DE&wsip=2886781035&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=WoNWNY&vgde_setid=NW&&rc=0&ksu=207&fdkt=439&kwd[]=Best%20Anti-Ransomware%20Software&kwt[]=439&kbc[]=1261626550&kwp[]=1&kid[]=326729916&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D4%7C%7Cps%3D0.966%7C%7Crpc%3D0.12%7C%7Clvl%3D2.25&ktd[]=1152923978524852480&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=439&kbc[]=1261626550&kwp[]=2&kid[]=330029440&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D3%7C%7Cps%3D0.966%7C%7Crpc%3D0.49%7C%7Clvl%3D1.17&ktd[]=864693602373140736&kwd[]=Tips%20to%20Prevent%20Ransomware&kwt[]=439&kbc[]=1261626550&kwp[]=3&kid[]=329660538&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D3%7C%7Cps%3D0.966%7C%7Crpc%3D0.56%7C%7Clvl%3D1.00&ktd[]=864693602373140736&kwd[]=Top%20Anti%20-%20Ransomware%20Software&kwt[]=439&kbc[]=1261626550&kwp[]=4&kid[]=330150788&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D3%7C%7Cps%3D0.966%7C%7Crpc%3D0.29%7C%7Clvl%3D1.00&ktd[]=864693602373140736&kwd[]=Ransomeware%20Virus%20Removal%20Tool&kwt[]=439&kbc[]=1261626550&kwp[]=5&kid[]=329867252&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D5%7C%7Cps%3D0.966%7C%7Crpc%3D0.05%7C%7Clvl%3D1.00&ktd[]=1441154354676564224&rand=1633778160980&cid=8CU5BD6EW&vwid=1633778160811231184&vi=1633778160811231184&l3ch=1&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1633778160111034931&vgd_l1rhst=contextual.media.net&vgd_lhl=953&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1633778160682&upk=1633778161.28902&hvsid=00001633778160682036324922889364&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D62651&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=16&vgd_pgid=p056649247t202110091116&matm=1633778160983&vgd_ltime=303&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D62651&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_katid=807056982&vgd_katbid=-21&vgd_kals=ttype%3D10007%7C%7Cpc%3D16&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886781337&vgd_nrrsf=nrr&vgd_nrrv=72800&vgd_nrrs=72800&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-647633027%7CDIV&vgd_x_pos=980&vgd_y_pos=723&vgd_ren_page_h=3975&vgd_cty=FRANKFURT&vgd_l1hcsd=N5%7C6737&vgd_sethcsd=N6%7C6640&vgd_cfud=200219&vgd_is_amp=0&vgd_optout=0&vgd_l2ch=1&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1633777671503314681%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D647633027%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f123136%252fmalware%252fcox-media-group-ransomware.html%26%26katid%3D807056982%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Sat, 09 Oct 2021 11:16:00 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Sat, 09 Oct 2021 11:16:00 GMT

POST
H2 200 log
navvy.media.net/ Frame E6A9 35 B
97 B 179ms
168ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Sat, 09 Oct 2021 11:16:01 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 8690 15 B
216 B 12ms
11ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001633778160669036324922887187&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRM1GYrg9pa4oAlz-QFUMFWUEcTdcVFE7_4Pzg8TXDH3juagvmeOxaXYKn_St-znxhyuxwvYSTBf6dkj_18RT4FA%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=-qkzMpzS_SL13muOchH1dq_9-3DF69YUVdoGsq91pcKO4C132IYC4L6WzzzhbzAqNaz6KSOByFPVxX6RiQIb7KxCxsePbCboDW5xt5QdB2toqjOjOJQH7XaiA87mJon8vgnDduAPJSMyslJKVMqQuX4rQHHRcMKubavdvx1EtyoQF0IGNxrQ9y76MTZhayLG6gGvTttUOOB1v3UUGEzInO05d-8vzsiAk6yM3RjYY9I%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C-nrsaAT2Xj1LE8q9GFkBJefl-gSPkLwEjBRdi3hR1Hq79XbB9dJ6_Xll_kX2syjwtpLtgM7k1NdA8VINCKMeKg8mcNbPdYvE15QF7jBsH_c%3D%7CN7fu2vKt8_s%3D%7CG9p_T8SVnpn4mVEvMRJbuo5kkUxSOb02p_p2iAvdKQeRES4rBOrA3j32Uek9p5GHXUxXKPxlliTBE2UpOvDWq_HizPrRBhSloMpvpS9wNrfXKxJ_lA7ut6A6NvkqBTjKLUjEb6yCpW1Hf3BWeM9ISK94_Ya5BbwCi5wo-9anszqa7D_O7oQi8_Djc6l1XjEepm4oqZVfGkeCCjqapD4qyZZNqbbX7jqK%7C&hint=&td=&cc=DE&wsip=2886781336&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=WoNWNY&vgde_setid=NW&&rc=0&ksu=207&fdkt=439&kwd[]=Tips%20to%20Prevent%20Ransomware&kwt[]=439&kbc[]=1261626550&kwp[]=1&kid[]=329660538&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D3%7C%7Cps%3D0.966%7C%7Crpc%3D0.56%7C%7Clvl%3D1.00&ktd[]=864693602373472512&kwd[]=Top%20Anti%20-%20Ransomware%20Software&kwt[]=439&kbc[]=1261626550&kwp[]=2&kid[]=330150788&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D3%7C%7Cps%3D0.966%7C%7Crpc%3D0.29%7C%7Clvl%3D1.00&ktd[]=864693602373472512&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=439&kbc[]=1261626550&kwp[]=3&kid[]=330029440&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D3%7C%7Cps%3D0.966%7C%7Crpc%3D0.49%7C%7Clvl%3D1.17&ktd[]=864693602373472512&kwd[]=Malware%20Detection%20Software&kwt[]=439&kbc[]=1261626550&kwp[]=4&kid[]=118382350&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D7%7C%7Cps%3D0.966%7C%7Crpc%3D0.03%7C%7Clvl%3D1.00&ktd[]=2017615106980319488&kwd[]=Best%20Anti-Ransomware%20Software&kwt[]=439&kbc[]=1261626550&kwp[]=5&kid[]=326729916&kbc2[]=clust%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%7C%7Cdiff%3D1%7C%7Csetid%3D4%7C%7Cps%3D0.966%7C%7Crpc%3D0.12%7C%7Clvl%3D2.25&ktd[]=1152923978525184256&rand=1633778160975&cid=8CU5BD6EW&vwid=1633778160556117438&vi=1633778160556117438&l3ch=1&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1633778160111034931&vgd_l1rhst=contextual.media.net&vgd_lhl=951&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1633778160669&upk=1633778161.28902&hvsid=00001633778160669036324922887187&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D62651&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=9&vgd_pgid=p056649247t202110091116&matm=1633778160978&vgd_ltime=408&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D62651&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_katid=801338178&vgd_katbid=-21&vgd_kals=ttype%3D10002%7C%7Cpc%3D9&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886781042&vgd_nrrsf=nrr&vgd_nrrv=72800&vgd_nrrs=72800&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-184323154%7CDIV&vgd_x_pos=980&vgd_y_pos=413&vgd_ren_page_h=3975&vgd_cty=FRANKFURT&vgd_l1hcsd=N5%7C6737&vgd_sethcsd=N6%7C6640&vgd_cfud=200309&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500434&vgd_optout=0&vgd_l2ch=1&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1633778036924363107%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D184323154%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f123136%252fmalware%252fcox-media-group-ransomware.html%26%26katid%3D801338178%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Sat, 09 Oct 2021 11:16:01 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Sat, 09 Oct 2021 11:16:01 GMT

POST
H2 200 log
navvy.media.net/ Frame 8690 35 B
97 B 163ms
162ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Sat, 09 Oct 2021 11:16:01 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 41ms
14ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://securityaffairs.co
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1457
date: Sat, 09 Oct 2021 11:16:00 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 json Show response
gum.criteo.com/sid/ 350 B
628 B 39ms
14ms XHR
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

cf55a0918df240c8622a21e40a5ee1c34f59bf622d72c2abfe7f5b6d3d9b0cc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Sat, 09 Oct 2021 11:16:00 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2381
expires: 0

POST
H/1.1 200 529.json Show response
id5-sync.com/g/v2/ 213 B
536 B 35ms
9ms XHR
application/json 51.89.7.110
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/529.json

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.7.110 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p23.id5-sync.com

Software

Resource Hash

4d9bfe5ae41b72e251f8cc8ce961cb76cf67142be8bc650fdec8fd371cb08112

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://securityaffairs.co
Date: Sat, 09 Oct 2021 11:15:50 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ 0
0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
545 B 102ms
33ms XHR
application/json 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8f6e645d8cfd2330848cac2ca5c0ce84d2a4940b7c00ef559076bc71148063c3

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Mon, 08 Nov 2021 11:16:01 GMT

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1

0
1008 B

8ms
8ms

Script
application/javascript

37.252.172.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 690.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 77453dad-d67c-4c8f-b39f-a4f5ca2b39d1
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 690.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 1aff0a74-ba33-4503-a355-e5d041efdfdc
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1

0
1009 B

8ms
7ms

Script
application/javascript

37.252.172.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 690.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 642de8c7-29cc-4c39-b08a-62aa8114a50f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 690.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 42915458-577e-4f1a-b5fe-f71ecc577d26
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK cookie_sync Show response
prebidserver.pixfuture.com/ 288 B
660 B 274ms
93ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/cookie_sync
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: f7a761c71e69933698cdf0bbe387fbeebeb3de97c36e692f1f924cdeadce993b

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 288
Expires: 0

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 229 B
586 B 770ms
590ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2195c22fcc88cf1182fcc92704ee62f6558c79387b007cb61e7ac8914522302f

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:02 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 229
Expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
61 B 42ms
14ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Sat, 09 Oct 2021 11:16:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 108ms
93ms XHR
application/json 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

f1d5c3c3460d4656b5a8d6c42a1f4351a508274e35b0ba2f2876790ffe43b514

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: b70e75ce-487f-44ff-88f5-a4014b8b30fb
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 173 B
360 B 77ms
49ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=1ab976b8-9026-4e3a-ab8b-3a802726e7c6&nocache=1633778161302&pubcid=42ee46b4-a353-4941-86cb-eb97c0e98720&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWNveCxtZWRpYSxncm91cCx0b29rLGRvd24sYnJvYWRjYXN0cyxhZnRlcixyYW5zb213YXJlLGF0dGFja3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9Y294LG1lZGlhLGdyb3VwLHRvb2ssZG93bixicm9hZGNhc3RzLGFmdGVyLHJhbnNvbXdhcmUsYXR0YWNrc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4197f3d1b5e63b9a4de73e357e0631c0fb1777d4a81e4c96cc6f2d52e20866b3

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
server: OXGW/16.216.4
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
158 B 137ms
106ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: cdebd1e02f876608de43594c404dd01c6c3be9f08e0e09da23503ceb4bddb35c

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
803 B 60ms
30ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2db485570fc77a7d1553e2422a810f100bfcd0edec9eff9e950ccd60871c8c4f

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 101ms
79ms XHR
application/json 69.173.144.143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=1ab976b8-9026-4e3a-ab8b-3a802726e7c6&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.34714954913705975
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 9e4ccd704e2071c0e1ba212934540af4ec8c36975d1127349b760bde99c8c7bb

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
650 B 464ms
156ms XHR
application/json 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 133a7caae9bf65879965c923cdc7de628263d65c7312d61d078f13c4de676fce

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 09 Oct 2021 11:16:01 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 94 B
732 B 92ms
38ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%221848fe9c417ee9%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&s=aed6d071-3244-4adb-b6f1-44057c43c612&pv=c2ed527c-3c6b-44df-b911-362f77c75059&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=cox%2Cmedia%2Cgroup%2Ctook%2Cdown%2Cbroadcasts%2Cafter%2Cransomware%2Cattacksecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

b7550b81db2af20587eec40614b9fa25b3aa00cb368e173d4d6e2daddc4e944d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 119
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
115 B 91ms
73ms XHR
text/plain 35.157.16.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.16.220 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-16-220.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Sat, 09 Oct 2021 11:16:01 GMT
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 154 B
511 B 301ms
122ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 163a8b5849ab57c8d73527839fa9a10457c47fa14df4be89742e1f729d42c20b

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 154
Expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
117 B 31ms
14ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Sat, 09 Oct 2021 11:15:59 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
290 B 128ms
104ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 8ba3dea1787caa48ddce2eb19b7db92e6cddb0dd4c547763775d3fbcb98c22e2

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 15 KB
8 KB 129ms
115ms XHR
application/json 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

1179651121207094233fc04893419bdbc6b92c1bd01939772d5cb4fe9ac74ca4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 09 Oct 2021 11:16:01 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 6118e583-031e-4164-8ec1-bf393052639a
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 173 B
562 B 54ms
35ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=30cd6d4f-07f3-46af-abba-d278f90a4b15&nocache=1633778161312&pubcid=42ee46b4-a353-4941-86cb-eb97c0e98720&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPWNveCxtZWRpYSxncm91cCx0b29rLGRvd24sYnJvYWRjYXN0cyxhZnRlcixyYW5zb213YXJlLGF0dGFja3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9Y294LG1lZGlhLGdyb3VwLHRvb2ssZG93bixicm9hZGNhc3RzLGFmdGVyLHJhbnNvbXdhcmUsYXR0YWNrc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 11d1a2e9664a8e39637c4c6b5576d5b75f1721b8195c1a5378b00979110ab3cd

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
server: OXGW/16.216.4
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
735 B 94ms
39ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2233fbec2eb71a5da%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&s=2b864e8d-1383-4c52-af36-d13409ad942b&pv=c2ed527c-3c6b-44df-b911-362f77c75059&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=cox%2Cmedia%2Cgroup%2Ctook%2Cdown%2Cbroadcasts%2Cafter%2Cransomware%2Cattacksecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

9a77ca5e8c19cfb4cb2d17938084ceea2917151c4aee3cfbd4950d026fe08d67

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-10
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
478 B 35ms
18ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_300x250&cmd=bid&secure=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 475aced7cfbc2ecfeb311a3a89e8565678b7704c5228b2b716dade8e649244ab

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 09 Oct 2021 11:16:01 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
650 B 457ms
154ms XHR
application/json 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 95726387adff132b92b204994b55ae2bf3697e85c11b1118b7b1f5cd49f127e3

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 09 Oct 2021 11:16:01 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
665 B 52ms
30ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 731ede6ad20c2ba4fdca4a75fffa85e43d67174fd67167356bfbd969b478e52e

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 108ms
97ms XHR
text/plain 35.157.16.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.16.220 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-16-220.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Sat, 09 Oct 2021 11:16:01 GMT
access-control-allow-credentials: true
vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 114ms
93ms XHR
application/json 69.173.144.143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=30cd6d4f-07f3-46af-abba-d278f90a4b15&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.21521071185205365
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e116609c20b9b93216ad0a073d9aa20251d1cf5983ef60a92cd00a11f6d647f7

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 229 B
586 B 770ms
591ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: dc80f51f58c62e1c322629569a1b55c702c3b4f0529ddecb1d1d9f30256e6586

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:02 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 229
Expires: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 100ms
79ms XHR
application/json 69.173.144.143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=705d3faa-c584-4435-bb86-8f5dbb8c333c&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4507123137156954
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 457a26545c0daff606eef16c32b04da69d389a7d94eec68d86dd10a1e2d91560

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
733 B 63ms
39ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2250d7c2d03e4e3a6%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&s=299d50f1-63c9-471e-acf8-a5c378d10e0a&pv=c2ed527c-3c6b-44df-b911-362f77c75059&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%5D&kw=cox%2Cmedia%2Cgroup%2Ctook%2Cdown%2Cbroadcasts%2Cafter%2Cransomware%2Cattacksecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

88c00fe3c54c2f411ba5adb5f3916514e1589403f8a0b6f2300bc563d8c175a6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
650 B 459ms
156ms XHR
application/json 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: cf25c80a4a645fec21d7172574f492a6569e833c853298d3de9887f08829a47c

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 09 Oct 2021 11:16:01 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
158 B 107ms
107ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 14627da2b98b4778be3e9b5a8f88024df648c23be8565001726af6ad0d97991a

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 173 B
356 B 36ms
36ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=705d3faa-c584-4435-bb86-8f5dbb8c333c&nocache=1633778161376&id5id=0&pubcid=42ee46b4-a353-4941-86cb-eb97c0e98720&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPWNveCxtZWRpYSxncm91cCx0b29rLGRvd24sYnJvYWRjYXN0cyxhZnRlcixyYW5zb213YXJlLGF0dGFja3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9Y294LG1lZGlhLGdyb3VwLHRvb2ssZG93bixicm9hZGNhc3RzLGFmdGVyLHJhbnNvbXdhcmUsYXR0YWNrc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: a4e85e908fe8110b176a4a10ba645d9ae99bd07a4759ac26005eb08c380de403

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
server: OXGW/16.216.4
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
61 B 14ms
14ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Sat, 09 Oct 2021 11:15:59 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
478 B 14ms
14ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&eidid5-sync.com=0&secure=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 3da60cad690052dfd9be535b7a5db8d6a791090acd1d7bf7a966c7bc1ac373e2

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 09 Oct 2021 11:16:01 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
665 B 26ms
26ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: f6aab3dccaf9faefc9fa1f665de243f21a27ba55bbe74eeabeab8dccd6d3b707

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 117ms
104ms XHR
application/json 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

72dfb9789b78ac9ad84abfc6c4ed9cc91cc18b1b9cd1a66bd0b230f7f2a56a62

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: b6be8703-d152-4b6c-a52a-70425ea9e8ff
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 153 B
510 B 283ms
100ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: f8ca822d90df0cbfce05340cc7ee92fd65e4d1bc2cce345524d493b6f8a5d8dd

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 153
Expires: 0

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
737 B 56ms
38ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%226955f45cbc23e75%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&s=2e6c159b-8bb0-4f0c-bb5f-e4f61badc8cd&pv=c2ed527c-3c6b-44df-b911-362f77c75059&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%5D&kw=cox%2Cmedia%2Cgroup%2Ctook%2Cdown%2Cbroadcasts%2Cafter%2Cransomware%2Cattacksecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

b9829a3a6d56d1ea1ded4c5d3afb5417560d59e69e8e292ea70864c1b35002d2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-128
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
158 B 107ms
106ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 0ef5d0e6b6304d16341eeb8b1e418cb9541aa10b3415ec7e1593753baf6b6591

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 138ms
126ms XHR
application/json 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

d5516f9486f45cfc8dbb22499478302f84c1098928700297f31d7bdc1397c6e6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 59dbe442-8d5e-44bd-8184-0b1db4a39a4b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
61 B 15ms
14ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Sat, 09 Oct 2021 11:16:01 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
650 B 459ms
155ms XHR
application/json 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: b1fe2e60726a8ac60f323eb91604d2075d4d73f419ac542a35d52960d3a07523

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 09 Oct 2021 11:16:01 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 173 B
356 B 37ms
37ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=c2c4e28c-8041-4705-8b58-da269b8ea418&nocache=1633778161393&id5id=0&pubcid=42ee46b4-a353-4941-86cb-eb97c0e98720&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWNveCxtZWRpYSxncm91cCx0b29rLGRvd24sYnJvYWRjYXN0cyxhZnRlcixyYW5zb213YXJlLGF0dGFja3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9Y294LG1lZGlhLGdyb3VwLHRvb2ssZG93bixicm9hZGNhc3RzLGFmdGVyLHJhbnNvbXdhcmUsYXR0YWNrc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: b079d821f5ef57e7af92940191b9bd35b4c019a0c26c9ad865cf07ff8e456f54

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
server: OXGW/16.216.4
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 81ms
81ms XHR
text/plain 35.157.16.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.16.220 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-16-220.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Sat, 09 Oct 2021 11:16:01 GMT
access-control-allow-credentials: true
vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 74ms
60ms XHR
application/json 69.173.144.143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=c2c4e28c-8041-4705-8b58-da269b8ea418&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8027779673782325
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 7aad7acc2e32d25e741477b07414433730fc445d02bd3760bc78a8dbb0cb2d43

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:01 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
665 B 28ms
28ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0d5ec876ef1ea640143663087ce31ac9ef725fe2dad968e1b4602331af0a73b1

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 / Show response
ads.us.e-planning.net/uspd/1/ Frame A51A 13 B
92 B 52ms
14ms Document
text/html 5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Request headers

:method: GET
:authority: ads.us.e-planning.net
:scheme: https
:path: /uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: openresty
date: Sat, 09 Oct 2021 11:16:01 GMT
content-type: text/html
content-length: 13
x-sid: AMS-605

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 462E 114 KB
40 KB 90ms
39ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

4ad6ae36b0eea3069ef5e85dcf59966781624c70222a3f8475c969b2d116f153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40775
x-xss-protection: 0
server: cafe
etag: 14695541022875487868
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 09 Oct 2021 11:16:01 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 90ms
90ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 11 Oct 2021 11:16:01 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 7599 114 KB
40 KB 46ms
46ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

3920733615a2937b99295783734d99a7a3d1a8b824a19f8e09a2b9ec85c820dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40893
x-xss-protection: 0
server: cafe
etag: 4549090380087642120
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 09 Oct 2021 11:16:01 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 92ms
92ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:01 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 11 Oct 2021 11:16:01 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/ Frame 462E 257 KB
95 KB 73ms
45ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

a2f3c118bd591281d5d16ba63d77ab8c6ab5fb10cf4d24a8f8f6522df6174318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97116
x-xss-protection: 0
server: cafe
etag: 5245556918410880553
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 09 Oct 2021 11:16:01 GMT

GET
H2 200 bqi.php
lg3.media.net/ 15 B
15 B 9ms
8ms Image
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&katid=807056982&kals=ttype%3D10007%7C%7Cpc%3D16&katen=1&pc=16&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=-qkzMpzS_SI-XQF9i2HJLddRxGVhVGVn8ODnL6VOBWCQDjiE8GgA1ctQmWZ7sxmpNt3FdMKwi6WAndz3qa3XoSm9hLLH8mnsskg_O5suy6aJSze_tdmxJnbhTzbR4Bi0rZbSw1bGuGXAhbNJ-P8Gj_m2smk0b5gqSfQozAdL82j4RDMUH29X2SQP9hagaf7ecPQOcnyxNDZTL8ZUUCRCUXIfnhgYcHv08nDmpZ1jOVY=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|-nrsaAT2Xj1LE8q9GFkBJefl-gSPkLwEjBRdi3hR1Hq79XbB9dJ6_Xll_kX2syjwtpLtgM7k1NdA8VINCKMeKg8mcNbPdYvE15QF7jBsH_c=|N7fu2vKt8_s=|5g_NE0sT80KnmmUMQgex_tUf0TlsYVspHSzLnL7-6FQyZsW0u0PRJQ8K1u9xn9AFlWBnmHdimxcK6WZAo2wvxlGQcZmZeHmOb4YQ_fmk8qDBsgWm_N6KMGj4wBUmsi13h5hMt3x200b8_1sT4T8U8JdEbPqWLp2MvOx_FuCM4JjpNlKAU9DKFcerr-B2zR4fYLooGZ9vFBOxUJmwKmkTkg==|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&vi=1633778160811231184&ugd=4&cc=DE&sc=HE&startTime=1633778160681&l2type=setting&vgd_l1rakh=1633778160111034931&l1ch=1&sttm=1633778160682&upk=1633778161.28902&hvsid=00001633778160682036324922889364&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!N5|6737&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=1&l2wsip=2886781337&sethcsd=set!N6%7C6640&vgd_pgid=p056649247t202110091116&vgd_pgids=2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Sat, 09 Oct 2021 11:16:01 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Sat, 09 Oct 2021 11:16:01 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110070201/ Frame 7599 272 KB
98 KB 70ms
59ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110070201/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31063089

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

7e71af7270901cc03b17ab3ad5382e669f1a65ca19a13f3224e5f474ebeb0bc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99875
x-xss-protection: 0
server: cafe
etag: 12629088024443799852
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 09 Oct 2021 11:16:01 GMT

GET
H2 200 bqi.php
lg3.media.net/ 15 B
15 B 11ms
10ms Image
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&katid=801338178&kals=ttype%3D10002%7C%7Cpc%3D9&katen=1&pc=9&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=-qkzMpzS_SL13muOchH1dq_9-3DF69YUVdoGsq91pcKO4C132IYC4L6WzzzhbzAqNaz6KSOByFPVxX6RiQIb7KxCxsePbCboDW5xt5QdB2toqjOjOJQH7XaiA87mJon8vgnDduAPJSMyslJKVMqQuX4rQHHRcMKubavdvx1EtyoQF0IGNxrQ9y76MTZhayLG6gGvTttUOOB1v3UUGEzInO05d-8vzsiAk6yM3RjYY9I=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|-nrsaAT2Xj1LE8q9GFkBJefl-gSPkLwEjBRdi3hR1Hq79XbB9dJ6_Xll_kX2syjwtpLtgM7k1NdA8VINCKMeKg8mcNbPdYvE15QF7jBsH_c=|N7fu2vKt8_s=|G9p_T8SVnpn4mVEvMRJbuo5kkUxSOb02p_p2iAvdKQeRES4rBOrA3j32Uek9p5GHXUxXKPxlliTBE2UpOvDWq_HizPrRBhSloMpvpS9wNrfXKxJ_lA7ut6A6NvkqBTjKLUjEb6yCpW1Hf3BWeM9ISK94_Ya5BbwCi5wo-9anszqa7D_O7oQi8_Djc6l1XjEepm4oqZVfGkeCCjqapD4qyZZNqbbX7jqK|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&vi=1633778160556117438&ugd=4&cc=DE&sc=HE&startTime=1633778160667&l2type=setting&vgd_l1rakh=1633778160111034931&l1ch=1&sttm=1633778160669&upk=1633778161.28902&hvsid=00001633778160669036324922887187&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!N5|6737&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=1&l2wsip=2886781042&sethcsd=set!N6%7C6640&vgd_pgid=p056649247t202110091116&vgd_pgids=2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Sat, 09 Oct 2021 11:16:01 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Sat, 09 Oct 2021 11:16:01 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 462E 208 B
663 B 87ms
32ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

7f56dd811a561fa2a2e54a3e5481d218365ae000cf7efce0de2761d749840fc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 462E 107 B
853 B 82ms
33ms Script
application/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 462E 107 B
570 B 89ms
33ms Script
application/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2

200

afr.php Show response
served-by.pixfuture.com/www/delivery/ Frame 0C9E
Redirect Chain

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.20&adk=3926499402&adf=1480696190&pi=t.ma~as.Internal_300x250_0._&w=300&lm...
https://served-by.pixfuture.com/www/delivery/afr.php

1 KB
1 KB

94ms
93ms

Document
text/html

68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/afr.php
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

:method: GET
:authority: served-by.pixfuture.com
:scheme: https
:path: /www/delivery/afr.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: nginx/1.10.3 (Ubuntu)
date: Sat, 09 Oct 2021 11:16:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=172800 public, no-transform
pragma: no-cache
expires: Mon, 11 Oct 2021 11:16:02 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://served-by.pixfuture.com/www/delivery/afr.php
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 09 Oct 2021 11:16:02 GMT
server: cafe
content-length: 46
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 09-Oct-2021 11:31:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 239C 114 KB
40 KB 48ms
48ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

6a230091f2c37d71c0612029ca0f64a9667ff62afe3c49ac32a35104e1ad93cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40898
x-xss-protection: 0
server: cafe
etag: 9845503017215084348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 09 Oct 2021 11:16:02 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 90ms
89ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:02 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 11 Oct 2021 11:16:02 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/ Frame 239C 272 KB
97 KB 50ms
50ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31063076

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

7afaa70cd390947aa9a7cbc9381a4cae87445da63d1af057998f60f606863e91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99709
x-xss-protection: 0
server: cafe
etag: 16871093981385614315
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 00A4 114 KB
40 KB 73ms
73ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

4ad6ae36b0eea3069ef5e85dcf59966781624c70222a3f8475c969b2d116f153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40775
x-xss-protection: 0
server: cafe
etag: 14695541022875487868
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 09 Oct 2021 11:16:02 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 90ms
90ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:02 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 11 Oct 2021 11:16:02 GMT

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 239C 12 B
53 B 60ms
32ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548&cookie=ID%3Df9f437f666c7ffce-22b4ae64eeca0094%3AT%3D1633778162%3ART%3D1633778162%3AS%3DALNI_MY9UAQjQQYm-0JVXJ6tr5HmuXY-PA

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31063076

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 239C 107 B
122 B 63ms
33ms Script
application/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 239C 107 B
122 B 75ms
30ms Script
application/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2

200

afr.php Show response
served-by.pixfuture.com/www/delivery/ Frame 26D5
Redirect Chain

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1...
https://served-by.pixfuture.com/www/delivery/afr.php

1 KB
1 KB

92ms
91ms

Document
text/html

68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/afr.php
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31063076
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

:method: GET
:authority: served-by.pixfuture.com
:scheme: https
:path: /www/delivery/afr.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: nginx/1.10.3 (Ubuntu)
date: Sat, 09 Oct 2021 11:16:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=172800 public, no-transform
pragma: no-cache
expires: Mon, 11 Oct 2021 11:16:02 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://served-by.pixfuture.com/www/delivery/afr.php
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 09 Oct 2021 11:16:02 GMT
server: cafe
content-length: 46
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 09-Oct-2021 11:31:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/ Frame 00A4 257 KB
95 KB 46ms
45ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

a2f3c118bd591281d5d16ba63d77ab8c6ab5fb10cf4d24a8f8f6522df6174318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97116
x-xss-protection: 0
server: cafe
etag: 5245556918410880553
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 00A4 12 B
53 B 36ms
36ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 00A4 107 B
122 B 35ms
35ms Script
application/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 00A4 107 B
122 B 29ms
29ms Script
application/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6092 15 KB
9 KB 349ms
319ms Document
text/html 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745092&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1633778162&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633778162262&bpp=8&bdt=109&idt=78&shv=r20211006&mjsv=m202110040101&ptt=5&saldr=sa&cookie=ID%3Df9f437f666c7ffce-22b4ae64eeca0094%3AT%3D1633778162%3ART%3D1633778162%3AS%3DALNI_MY9UAQjQQYm-0JVXJ6tr5HmuXY-PA&correlator=1204277754316&frm=21&ife=1&pv=1&ga_vid=1856466030.1633778161&ga_sid=1633778163&ga_hid=778416054&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=2765223853&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=824065045266497&pem=643&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.4txy29lqthuf&fsb=1&xpc=asoepayFyQ&p=https%3A//securityaffairs.co&dtd=263

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

b09dc328cea60d0eaf04754ae9acf4f233289d3389c8e0b3861f866775dbb14f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745092&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1633778162&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633778162262&bpp=8&bdt=109&idt=78&shv=r20211006&mjsv=m202110040101&ptt=5&saldr=sa&cookie=ID%3Df9f437f666c7ffce-22b4ae64eeca0094%3AT%3D1633778162%3ART%3D1633778162%3AS%3DALNI_MY9UAQjQQYm-0JVXJ6tr5HmuXY-PA&correlator=1204277754316&frm=21&ife=1&pv=1&ga_vid=1856466030.1633778161&ga_sid=1633778163&ga_hid=778416054&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=2765223853&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=824065045266497&pem=643&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.4txy29lqthuf&fsb=1&xpc=asoepayFyQ&p=https%3A//securityaffairs.co&dtd=263
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 09 Oct 2021 11:16:02 GMT
server: cafe
content-length: 8939
x-xss-protection: 0
set-cookie: IDE=AHWqTUnvNDi8pOBDnvFZXHgvXGGNB6-J9zEmeimt1bkykhqjXatjopfOLc8JFQrabb8; expires=Thu, 03-Nov-2022 11:16:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 09 Oct 2021 11:16:02 GMT
cache-control: private

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 462E 11 KB
8 KB 66ms
35ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211006&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

38f06dd6ba47f72f294d49d7f183816c544812d9ea2eaabeac47fb9248f4740a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8499
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 239C 11 KB
8 KB 46ms
41ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211006&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

1c745d92d28ca29bd6f7d8ddeb320fcbbf975e57f640fe39d75df6cad4e6359f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8516
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 462E 17 KB
7 KB 67ms
26ms Script
text/javascript 172.217.16.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f129.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 239C 17 KB
6 KB 89ms
51ms Script
text/javascript 172.217.16.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f129.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 8AFF 12 KB
5 KB 44ms
14ms Document
text/html 172.217.16.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f129.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 09 Oct 2021 11:11:31 GMT
expires: Sun, 09 Oct 2022 11:11:31 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 271
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0365 783 B
1 KB 95ms
30ms Document
text/html 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

GSE /

Resource Hash

e8bd28b00231d308d2bb5f188cad157efb996fe34767aa67c4691e414b889bdf

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hCUnZ4wzqNIKdjj2bYc2ZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 09 Oct 2021 11:16:02 GMT
date: Sat, 09 Oct 2021 11:16:02 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-hCUnZ4wzqNIKdjj2bYc2ZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame D905 668 B
730 B 28ms
27ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 313c42445d902991c696177cf17f4720b65166723b35b898f665f0a1e18c3c9f

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: i=42ee46b4-a353-4941-86cb-eb97c0e98720|1633778161
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=42ee46b4-a353-4941-86cb-eb97c0e98720|1633778161; Version=1; Expires=Sun, 09-Oct-2022 11:16:02 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1633778162|gekin0vNiygu; Version=1; Expires=Sun, 24-Oct-2021 11:16:02 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.216.4
p3p: CP="CUR ADM OUR NOR STA NID"
date: Sat, 09 Oct 2021 11:16:02 GMT
content-type: text/html
content-length: 419
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 0489 22 KB
8 KB 100ms
99ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

a67342b4b62fa902745ca8919de8545ea4f0e7276941902ea33c1845de9bd6fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Tue, 12 Apr 2022 11:16:02 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 11 Oct 2021 11:16:02 GMT
date: Sat, 09 Oct 2021 11:16:02 GMT
content-length: 8158

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame E8BE 14 KB
5 KB 31ms
8ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?kdntuid=1&p=158127
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=100787
expires: Sun, 10 Oct 2021 15:15:49 GMT
date: Sat, 09 Oct 2021 11:16:02 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame D870 52 KB
17 KB 31ms
9ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: anj=dTM7k!M4/8CxrEQF']wIg2In9L4x0>!@wnf-Te9(>wL5L!!'RC$g4pu; icu=ChgI3sJXEAoYASABKAEw8fOFiwY4AUABSAEQ8fOFiwYYAA..; uuid2=361885755173608966
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Sun, 10 Oct 2021 11:16:04 GMT
Date: Sat, 09 Oct 2021 11:16:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 13BA 22 KB
8 KB 97ms
96ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

a67342b4b62fa902745ca8919de8545ea4f0e7276941902ea33c1845de9bd6fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Tue, 12 Apr 2022 11:16:02 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 11 Oct 2021 11:16:02 GMT
date: Sat, 09 Oct 2021 11:16:02 GMT
content-length: 8158

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame C76A 14 KB
5 KB 28ms
9ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?kdntuid=1&p=158127
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=100787
expires: Sun, 10 Oct 2021 15:15:49 GMT
date: Sat, 09 Oct 2021 11:16:02 GMT
vary: Accept-Encoding

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame 607D 668 B
718 B 25ms
24ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 313c42445d902991c696177cf17f4720b65166723b35b898f665f0a1e18c3c9f

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: i=42ee46b4-a353-4941-86cb-eb97c0e98720|1633778161
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=42ee46b4-a353-4941-86cb-eb97c0e98720|1633778161; Version=1; Expires=Sun, 09-Oct-2022 11:16:02 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1633778162|gekin0vNiygu; Version=1; Expires=Sun, 24-Oct-2021 11:16:02 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.216.4
p3p: CP="CUR ADM OUR NOR STA NID"
date: Sat, 09 Oct 2021 11:16:02 GMT
content-type: text/html
content-length: 419
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame BA9E 52 KB
17 KB 24ms
9ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: anj=dTM7k!M4/8CxrEQF']wIg2In9L4x0>!@wnf-Te9(>wL5L!!'RC$g4pu; icu=ChgI3sJXEAoYASABKAEw8fOFiwY4AUABSAEQ8fOFiwYYAA..; uuid2=361885755173608966
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Sun, 10 Oct 2021 11:16:04 GMT
Date: Sat, 09 Oct 2021 11:16:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame B2A0 668 B
718 B 25ms
23ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 313c42445d902991c696177cf17f4720b65166723b35b898f665f0a1e18c3c9f

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: i=42ee46b4-a353-4941-86cb-eb97c0e98720|1633778161
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=42ee46b4-a353-4941-86cb-eb97c0e98720|1633778161; Version=1; Expires=Sun, 09-Oct-2022 11:16:02 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1633778162|gekin0vNiygu; Version=1; Expires=Sun, 24-Oct-2021 11:16:02 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.216.4
p3p: CP="CUR ADM OUR NOR STA NID"
date: Sat, 09 Oct 2021 11:16:02 GMT
content-type: text/html
content-length: 419
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame A1AA 22 KB
8 KB 110ms
108ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

a67342b4b62fa902745ca8919de8545ea4f0e7276941902ea33c1845de9bd6fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Tue, 12 Apr 2022 11:16:02 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 11 Oct 2021 11:16:02 GMT
date: Sat, 09 Oct 2021 11:16:02 GMT
content-length: 8158

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 7F93 22 KB
8 KB 74ms
72ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

a67342b4b62fa902745ca8919de8545ea4f0e7276941902ea33c1845de9bd6fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Tue, 12 Apr 2022 11:16:02 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 11 Oct 2021 11:16:02 GMT
date: Sat, 09 Oct 2021 11:16:02 GMT
content-length: 8158

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame F671 14 KB
5 KB 22ms
12ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?kdntuid=1&p=158127
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=100787
expires: Sun, 10 Oct 2021 15:15:49 GMT
date: Sat, 09 Oct 2021 11:16:02 GMT
vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame F25B 14 KB
5 KB 18ms
10ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?kdntuid=1&p=158127
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=100787
expires: Sun, 10 Oct 2021 15:15:49 GMT
date: Sat, 09 Oct 2021 11:16:02 GMT
vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame FAC6 0
0 321ms
106ms Document
text/plain 208.100.17.178
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.178 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip178.208-100-17.static.steadfastdns.net
Software: 33XP005 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

x-33x-status: 200000000000000002000208
server: 33XP005
date: Sat, 09 Oct 2021 11:16:02 GMT

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame D2CB 668 B
718 B 27ms
27ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 313c42445d902991c696177cf17f4720b65166723b35b898f665f0a1e18c3c9f

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: i=42ee46b4-a353-4941-86cb-eb97c0e98720|1633778161
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=42ee46b4-a353-4941-86cb-eb97c0e98720|1633778161; Version=1; Expires=Sun, 09-Oct-2022 11:16:02 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1633778162|gekin0vNiygu; Version=1; Expires=Sun, 24-Oct-2021 11:16:02 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.216.4
p3p: CP="CUR ADM OUR NOR STA NID"
date: Sat, 09 Oct 2021 11:16:02 GMT
content-type: text/html
content-length: 419
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 7E04 281 B
554 B 40ms
9ms Document
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: rsid=1|HsGqLFsFr/vVSy6g0MQzNQWiuYBcZJvAvCF6IsCkVVYgwYaQOmrhQqqdY7qJ5+fKRB+v2jLGFGeoFyjBXEn+RTT+pWw62G0J5h4qb83eS0hKp2u2D6IxNbX7Tc/cWQrERdSf+hE=; khaos=KUJPC1DN-1M-AH3Q; audit=1|hLZGFuTafB26qsuPnHyO6H9gGwySY5IoBkZriXr0d3lICQF5fjPUgwqbF9i1EU5J751PgjmsPd3gcRgjl6EitQhJSJ8nY+hF3OlDu/ORdD8=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 30 Sep 2021 18:24:26 GMT
ETag: "403b8-119-5cd3a8e7e6a80"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 09 Oct 2021 11:16:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 0337 52 KB
17 KB 26ms
7ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: anj=dTM7k!M4/8CxrEQF']wIg2In9L4x0>!@wnf-Te9(>wL5L!!'RC$g4pu; icu=ChgI3sJXEAoYASABKAEw8fOFiwY4AUABSAEQ8fOFiwYYAA..; uuid2=361885755173608966
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Sun, 10 Oct 2021 11:16:04 GMT
Date: Sat, 09 Oct 2021 11:16:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 9DC1 52 KB
17 KB 26ms
7ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: anj=dTM7k!M4/8CxrEQF']wIg2In9L4x0>!@wnf-Te9(>wL5L!!'RC$g4pu; icu=ChgI3sJXEAoYASABKAEw8fOFiwY4AUABSAEQ8fOFiwYYAA..; uuid2=361885755173608966
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Sun, 10 Oct 2021 11:16:04 GMT
Date: Sat, 09 Oct 2021 11:16:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 238E 12 KB
5 KB 19ms
19ms Document
text/html 172.217.16.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f129.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 09 Oct 2021 11:11:31 GMT
expires: Sun, 09 Oct 2022 11:11:31 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 271
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 48A3 783 B
740 B 56ms
33ms Document
text/html 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

GSE /

Resource Hash

b7b1bdf29b8aed3a55ec59523e0209aea62bac649e20289d902c774004d00f1c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yu02Oc7dZqyuHfh4+hVP4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 09 Oct 2021 11:16:02 GMT
date: Sat, 09 Oct 2021 11:16:02 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-yu02Oc7dZqyuHfh4+hVP4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 204 vtr.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 90ms
90ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:02 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 11 Oct 2021 11:16:02 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame D905
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=50b16161-79f2-4500-873a-3dd77c9a1fa9

43 B
106 B

23ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=50b16161-79f2-4500-873a-3dd77c9a1fa9
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Sat, 09 Oct 2021 11:16:02 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x4 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=50b16161-79f2-4500-873a-3dd77c9a1fa9
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 09 Oct 2021 11:16:01 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame D905
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=6c5ncujGN3HymjMg6J58e76eZyLynjV1784qNzt_

43 B
106 B

25ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=6c5ncujGN3HymjMg6J58e76eZyLynjV1784qNzt_
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:02 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=6c5ncujGN3HymjMg6J58e76eZyLynjV1784qNzt_
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame D905
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3086423681240197753

43 B
106 B

30ms
29ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3086423681240197753
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3086423681240197753
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame D905 70 B
264 B 32ms
31ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=914279ed-0ad4-76b6-dc1d-237fa4ceb4dd&gdpr=0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:02 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame D905 170 B
243 B 81ms
30ms Image
image/png 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmQyZGFhMjctYzNhMy0yODEyLWM5ZmQtNzljNjZlMmM3YWJk

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame D905
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1

43 B
106 B

24ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame E8BE 5 KB
6 KB 44ms
13ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=79590350&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 8fa99b2f80aa1e7ca2287fbc2881371e5fa59e00b62893c8a91a9f159aa8e54d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 607D
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=92566161-79f2-4d00-a08d-d2a061f89f14

43 B
106 B

27ms
26ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=92566161-79f2-4d00-a08d-d2a061f89f14
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x3 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=92566161-79f2-4d00-a08d-d2a061f89f14
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 607D
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=DPLK4w36muAXpp62CKXR5Aj2nbYXopiwD6Cfz0mA

43 B
122 B

24ms
22ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=DPLK4w36muAXpp62CKXR5Aj2nbYXopiwD6Cfz0mA
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:02 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=DPLK4w36muAXpp62CKXR5Aj2nbYXopiwD6Cfz0mA
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 607D
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3123134156047603100

43 B
106 B

23ms
22ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3123134156047603100
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3123134156047603100
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 607D 70 B
264 B 34ms
33ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=914279ed-0ad4-76b6-dc1d-237fa4ceb4dd&gdpr=0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:02 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 607D 170 B
232 B 73ms
38ms Image
image/png 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmQyZGFhMjctYzNhMy0yODEyLWM5ZmQtNzljNjZlMmM3YWJk

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 607D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1

43 B
106 B

24ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame D870 0
580 B 10ms
10ms Script
text/html 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:02 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 0a0c0015-71ad-4377-84bf-f9a510377653
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame BA9E 0
580 B 8ms
8ms Script
text/html 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:02 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 5d693d23-e71c-4001-9e21-589992d0d1b1
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame B2A0
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=085f6161-79f2-4900-9c4b-1d917cc76724

43 B
106 B

22ms
22ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=085f6161-79f2-4900-9c4b-1d917cc76724
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x31 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=085f6161-79f2-4900-9c4b-1d917cc76724
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame B2A0
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=DPLK4w36muAXpp62CKXR5Aj2nbYXopiwD6Cfz0mA

43 B
106 B

54ms
54ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=DPLK4w36muAXpp62CKXR5Aj2nbYXopiwD6Cfz0mA
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=DPLK4w36muAXpp62CKXR5Aj2nbYXopiwD6Cfz0mA
pragma: no-cache
date: Sat, 09 Oct 2021 11:16:02 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame B2A0
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4937380131954696192

43 B
106 B

23ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4937380131954696192
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4937380131954696192
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame B2A0 70 B
264 B 33ms
32ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=914279ed-0ad4-76b6-dc1d-237fa4ceb4dd&gdpr=0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame B2A0 170 B
232 B 45ms
38ms Image
image/png 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmQyZGFhMjctYzNhMy0yODEyLWM5ZmQtNzljNjZlMmM3YWJk

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame B2A0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1

43 B
106 B

23ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame D2CB
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=19456161-79f2-4100-bb55-9f4b376f8410

43 B
106 B

24ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=19456161-79f2-4100-bb55-9f4b376f8410
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x26 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=19456161-79f2-4100-bb55-9f4b376f8410
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame D2CB
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=DPLK4w36muAXpp62CKXR5Aj2nbYXopiwD6Cfz0mA

43 B
106 B

22ms
22ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=DPLK4w36muAXpp62CKXR5Aj2nbYXopiwD6Cfz0mA
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=DPLK4w36muAXpp62CKXR5Aj2nbYXopiwD6Cfz0mA
pragma: no-cache
date: Sat, 09 Oct 2021 11:16:02 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame D2CB
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1252148025849401815

43 B
106 B

23ms
22ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1252148025849401815
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1252148025849401815
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame D2CB 70 B
264 B 32ms
31ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=914279ed-0ad4-76b6-dc1d-237fa4ceb4dd&gdpr=0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame D2CB 170 B
232 B 45ms
39ms Image
image/png 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmQyZGFhMjctYzNhMy0yODEyLWM5ZmQtNzljNjZlMmM3YWJk

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame D2CB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1

43 B
106 B

22ms
21ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.216.4 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
server: OXGW/16.216.4
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEIU50-LRb2CQeAd8O6G1ZnI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 0337 0
580 B 8ms
7ms Script
text/html 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:02 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 5c753a1e-2ab9-460b-8abf-e719db7ab9d1
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 9DC1 0
580 B 7ms
7ms Script
text/html 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:02 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: abb09207-a1ea-417e-87aa-e08aee84c8c2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 7E04 31 KB
9 KB 7ms
7ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 273282a153ded9e3bf56932b20e17408048ddd0d3edf359ebc52e1312a927c4e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:02 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Sep 2021 18:24:26 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=51187
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9275
Expires: Sun, 10 Oct 2021 01:29:09 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6092 42 B
63 B 53ms
53ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CCUeiRDcXyaEXhxsoiJ2ui33GGSvn51bSsFoyxZeSk-MnlGq7AXM5HpPkjzwJFQWsYZ4FMZzP8V6PWYcbm1dROrZ6LzzQA-GPUyZzob5gCSOVMA8I

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745092&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1633778162&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633778162262&bpp=8&bdt=109&idt=78&shv=r20211006&mjsv=m202110040101&ptt=5&saldr=sa&cookie=ID%3Df9f437f666c7ffce-22b4ae64eeca0094%3AT%3D1633778162%3ART%3D1633778162%3AS%3DALNI_MY9UAQjQQYm-0JVXJ6tr5HmuXY-PA&correlator=1204277754316&frm=21&ife=1&pv=1&ga_vid=1856466030.1633778161&ga_sid=1633778163&ga_hid=778416054&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=2765223853&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=824065045266497&pem=643&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.4txy29lqthuf&fsb=1&xpc=asoepayFyQ&p=https%3A//securityaffairs.co&dtd=263

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/ Frame 6092 3 KB
1 KB 14ms
14ms Script
text/javascript 172.217.16.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f129.1e100.net

Software

cafe /

Resource Hash

5120f35e394e169ac0839405dbd6e680163a4e02f060f5a6a833ebfacf35d966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:12:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 232
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1344
x-xss-protection: 0
server: cafe
etag: 10107448882299530629
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Oct 2021 11:12:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6092 123 KB
38 KB 85ms
35ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

e96cb07afdac92a8c77fbd5b9bb721e548070f4657f4f1e71329d2fd9032be47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37898
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633547226118934"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 09 Oct 2021 11:16:03 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/ Frame 6092 14 KB
6 KB 14ms
14ms Script
text/javascript 172.217.16.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f129.1e100.net

Software

cafe /

Resource Hash

51896cb4e932803b983cf59d85b20c705f42a891fa0c9c408e3cb267b5bb949c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:09:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6219
x-xss-protection: 0
server: cafe
etag: 4041254270185007295
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Oct 2021 11:09:21 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CECC 624 B
297 B 32ms
32ms Document
text/html 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARja4eioATAB&v=APEucNVCv7-giCXbttEyCDu2nV8ZoWG5U8Y4hHdEBb9ku-NBwMypJxr9dnoO_9GfWmQs8b7pPHVXCvL2wUD8vS5D0ztp6zikcnAmmhHdv1yZpbGnfNzh3IfdSIiy_JI1RtYbgw7HqZ1_xZ55egCQ_pM-IlZ9Ygoyqoy7VMRPZft9jG21-uE4eYe4RI958Y0-KFGde2wWIgBo8Wa8PoZmMs63ZIHiePXP0g

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPvjgQEQ_aOOARja4eioATAB&v=APEucNVCv7-giCXbttEyCDu2nV8ZoWG5U8Y4hHdEBb9ku-NBwMypJxr9dnoO_9GfWmQs8b7pPHVXCvL2wUD8vS5D0ztp6zikcnAmmhHdv1yZpbGnfNzh3IfdSIiy_JI1RtYbgw7HqZ1_xZ55egCQ_pM-IlZ9Ygoyqoy7VMRPZft9jG21-uE4eYe4RI958Y0-KFGde2wWIgBo8Wa8PoZmMs63ZIHiePXP0g
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745092&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1633778162&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633778162262&bpp=8&bdt=109&idt=78&shv=r20211006&mjsv=m202110040101&ptt=5&saldr=sa&cookie=ID%3Df9f437f666c7ffce-22b4ae64eeca0094%3AT%3D1633778162%3ART%3D1633778162%3AS%3DALNI_MY9UAQjQQYm-0JVXJ6tr5HmuXY-PA&correlator=1204277754316&frm=21&ife=1&pv=1&ga_vid=1856466030.1633778161&ga_sid=1633778163&ga_hid=778416054&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=2765223853&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=824065045266497&pem=643&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.4txy29lqthuf&fsb=1&xpc=asoepayFyQ&p=https%3A//securityaffairs.co&dtd=263
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnvNDi8pOBDnvFZXHgvXGGNB6-J9zEmeimt1bkykhqjXatjopfOLc8JFQrabb8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745092&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1633778162&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633778162262&bpp=8&bdt=109&idt=78&shv=r20211006&mjsv=m202110040101&ptt=5&saldr=sa&cookie=ID%3Df9f437f666c7ffce-22b4ae64eeca0094%3AT%3D1633778162%3ART%3D1633778162%3AS%3DALNI_MY9UAQjQQYm-0JVXJ6tr5HmuXY-PA&correlator=1204277754316&frm=21&ife=1&pv=1&ga_vid=1856466030.1633778161&ga_sid=1633778163&ga_hid=778416054&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=2765223853&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=824065045266497&pem=643&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.4txy29lqthuf&fsb=1&xpc=asoepayFyQ&p=https%3A//securityaffairs.co&dtd=263

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 09 Oct 2021 11:16:03 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6092 77 KB
29 KB 101ms
99ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AIoqllpymGgoeoIEz-mrzTS3U6d4a4CYXkcMQwf-CHPHHEZLCpczzGEDjX9TT343CUK0L-JO3-iQ93i4AG5RSTEo8bQyqg825hdeepnKUtcJhW24gOXV_CdX1aq5TUdHKXHKGWNxP-Ci3A8lzGMYUGOsaujA&dbm_d=AKAmf-CXDL4azyaLjsl_dim9_0-LE6j9LDviqQmNvJR4W8Btg3Xs37aHVEvSSZ0FimX-UBgtddbXs-oY5ZvIC8zbWNVXEEbro4aPsK5LtkXC1Zx-bAt2r1Jh4j3FwG36Qj_2UZZUZ1VJjXUYKVfKKw7g1XVNsIBfB6qETsANWFue-f6-udk7Ss-wPWlEDLRaCT-G6ZGgF81EsGjMyel_VXW1VtvLSWVin1Sopfa4M_PNNs1iLQcdWVRvjpKldjXPqaBb-TtHawWqz9quN7QUsZ2c6T0V3WyS22Sg78k5M46ad124-P2YRLoiw1lnUruvDIkiqm2dR4xQAOOvIN4Gx5gnW_3rTtHVchnudnws6HlYqwDo0etlhafPDyJg_5isDl9TvE4JItwp4L0DMuNm7YRZf41dwvlCDgcYgfTyfr38qcPK7ALC4LccXlUdYMVb3dcgFAzEI0LrgBMAGZr7csqe7XuNt3MHs2cjoll7isFzaclX02r27QWUdPwT9UVn0bkE8QUDA0HTFYnv3dNGSz2F8hAaUsExyj7g2unl61Qjx8xokdejo3Z0u9KNqOFNKHBBzueBBbueTISbbMmcxn978cWhdQsGbViV6WrK3XldoN6vszdiwKtjwbNR3uNDyBlp0pSiD_UDy1HR1d7yh833BU_Zq04rDAr-mraw00jN5SKjLMku2AUN4X2OCDmt1CroE3Pg2-VvbnDYvNpBSwVYRhCnTF6DZ_PhpIJ6j9kHICwXd3L7VIP9gM67sEcr9dkrmpE5c5JhpmvMk52XOWEFf4CqMXRh0vb5O4ClLtDxzymA3fsJeMIPV81s6rGKoOQzOJJ-B7HkUUtDcYrnSHgmXOfgRmvf5F4Ksc3gZWGnrVv1fKctYRWcRPYwLAmQ3HIDkq_YjsWW0s4fSqcE_aV-E2QI9xDPjK0_Yb5sQIZQQS1iYrK3Z_ZgZfYBvOOT5ONikug6HFntnVFHovkm6a7_3u0-hmNGiU42xuqFsnTk9JtynjMe2JTransrWAR-FozOCoGmDYZJjWXx2fsXKJ9T6XPaTHtM5qhzGTizRJH9UMDRYvBdoTQbMCXMX2BY2xJwyLtYw57b-zKilZe88XhIH67oy9NETyJtrB1RcHY59CRBUUS3QctuvAHBwOqTvmSQfzHOP-5EaeOq1AIdZDkoZXwx1dhb2mHq5B3ZVRvGnrvaMQEvoGSAToairtKTpz8ZSMbY9XomtnQ3OrmBQny7r_lsLVNR8xLQz0WnX4XeIg9OHT2p0ogCyEqFRtv4Jz-ogmtlGjM-ahMy0-w7XB8xgntfERfpCxtm8u6_jhwEmeX-vbMLxB55oeUcRidZlIC8dTedPXC71Y18Gr8M0IxGMflk_PepfSDvsHHdBgNLjSzvXVXj47KwtOLi41h6RK0WeK6qmItDdVpmO_FT9w0NFpMpD5S-3SNzPM0XqznQa3G3av-Zpr7sOLpP-z33RyKU-ZF0lDZGFBrxXyHxZsApHIIAtyubEKO2ypCWr8-QTjzO88uy8y8MqxmqztBAGv47vSBVUE_DBYStv7kXAdZc3DbcgPQRIQ5JAAStgzb2ltm71BB_Yr1DariDkx4GB4TUyk_pTUInxjAyCfb-Oq5CX2ZRIwueRp4N4E46aSf3GynezBs6mFhW7-kXBbY8DBc6HyMZow3CKushNGc-_kWgk3agAC6PWPZoeGy9EFevplDXivnS8dQrMNAv0PLNS4p76bEItirn9df_yuwnHyfziDIbJGnSG3S0BZQJKs_LLEhYxq7wqgdecBgtLCfUOf7wWuRJ5S_cHpnQSqM1mixYkLiJzlljytZiF73-J2Yd_oyH8BHmtNy5evX0siGiD8e7C0-B9fiGSUc-hD6IzAvFMg8MB-dEQQrse2yfU_vPAO0uqdjOKbkvS9zl9OrkL8tUpZFoszpbbLwU-4RNAl0EflzI6znclwGhPs77Mvu4Qe_mYwvSLohgmWJ5ZnQ2XyOUggrhlytfFjKlypJY-etYkP-w-zQ85I66oOEO7OhiWjD-ITmpaBSFcKeHZnu_-GF9bQLtOIPkgDBxh34F0Ok0MDuvAvraX8glGGYlYIKasXZYGgMsYB7DEkaSTXF1t63N24xTMYQ2Nyqtw-VheJeYG7MS_QnqBoEkd3Jz5oTc5g5Wtw1HvR59WUdUscEeXIzJ9fzZlQlOL3KaalgO_Tu2wAhLkRqbybJqb4gxf-LwnJ53PoBr89brPq4dLeZMOdcVKpva9TEmqUZKqnIeYVv7IcwOXzLFpIPgufEhi7vf-i_Wjk_WKpMlkIl5yEHSFW3gBTedli1jwIrC-SksM6rjQIidO9DMM6_gCFSVN0pdaSlqwDg8j5tTqydLwR4GzqMaF_dutCh7XS76AoiUcpI1R1ZI5RhLDvKF6Pf89pkkWvgoePcwzisnjCRAQcmQYChtpJdl5Nx_R4cWY7NL6BAgpGi2RhITOHFZqxohoEEtYDysuKyixg-bNmwycq7SImGQ_dg6qZ-o3ovMt6JtpB8S3wTG-CAQiFMQcahzh-gUT8BuALCsUH40ciTeSGnJoJ0u_T5jjjJs-mPvOls8aLnF3MGHUWrMEo0WuPWafqUw7tsPD9IoHePAn0ZFxNTDhkcGKHRRy7x-kYTAt7IMgQWOHdOnrMJT9CNSe3g8w_IXQqsUbPJBhd1IZbs4LjFFLF7UR7QEtrOHb4dHZeogK1aGMNAL546A_t4RdmOLW-ilJq3HR-ywueyjhsV4F5Z4E4UYnmaSCxDlhOo_C_2A0eE9Gky0XibAVhRAc-grGsaXjHGG0JSEQLqXlnMkpLSGHhRqUKni1dEysjbzpKCW2kqtgEzuhNsek4ZCrkPaCHWvQYNvgUoIkOAm9wfD688WciwT5Apne7x2WiWeDRnfFp2kT-mor_0iQxS16JVOAzrf0R5OX1GnaVZeoXHFt_mjYHaWo0HQKOGRDdztEWi1tSPKqodWCM4oPZptQlofWd0cbMtUUeEpEKsa0CfJG6pefsagQLDb9vdRE_hubkWVOFMHLKXkQs8SNIB1TfGwiMrYHB0jGSFNXwBkWj3bb5uIk1K3CZV_ltue46cpegbZR-P_q__OwxNxsQ&cid=CAASEuRoMWyizej-9YF-zPo157sYgA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e2f4d7cb2be08948d819d7b061cd08bc38dc8ba003715d1ff88d31e29143b7ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745092&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1633778162&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633778162262&bpp=8&bdt=109&idt=78&shv=r20211006&mjsv=m202110040101&ptt=5&saldr=sa&cookie=ID%3Df9f437f666c7ffce-22b4ae64eeca0094%3AT%3D1633778162%3ART%3D1633778162%3AS%3DALNI_MY9UAQjQQYm-0JVXJ6tr5HmuXY-PA&correlator=1204277754316&frm=21&ife=1&pv=1&ga_vid=1856466030.1633778161&ga_sid=1633778163&ga_hid=778416054&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=2765223853&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=824065045266497&pem=643&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.4txy29lqthuf&fsb=1&xpc=asoepayFyQ&p=https%3A//securityaffairs.co&dtd=263
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29586
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 log
hblg.media.net/ Frame A1AA 35 B
194 B 13ms
12ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?logid=kfk&evtid=chlog&reqId=125246306324968861633778163040&fs=2&pid=8PRW23HG5&cid=8CUIUMTP7&itype=PREBID&bs=2&bi=30000&ccs=8&svr=2021100711_166&gdpr=1&csex=0&usp_status=0&usc=1&lper=10&tr=571.9392748379646
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-93.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: Jetty(9.4.35.v20201120)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Sat, 09 Oct 2021 11:16:03 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0365 0
0 74ms
74ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211006&jk=1664643238917587&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 48A3 0
0 73ms
73ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211006&jk=3654491880084665&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js Show response
pagead2.googlesyndication.com/bg/ Frame 8AFF 35 KB
13 KB 25ms
23ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

3a9d21d68e1b2c04efe067a4c3cef02c886e221937994810d4f5cb5525545e99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 08:48:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13306
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 09 Oct 2022 08:48:37 GMT

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame 3D4D 35 B
467 B 18ms
18ms Document
image/gif 37.157.2.238
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?party=14&cid=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: C=1; uid=4937380131954696192
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sat, 09 Oct 2021 11:16:03 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=4937380131954696192; expires=Wed, 08 Dec 2021 11:16:03 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame D6AA
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7140338647569015128

42 B
211 B

20ms
20ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7140338647569015128
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7140338647569015128
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F; chkChromeAb67Sec=1; DPSync3=1634947200%3A201_197_219%7C1633824000%3A174; SyncRTB3=1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203%7C1634947200%3A22_21_222_234_71_99_88_230_220_165_189_231_13_166_55_204_7_81_3_161_56_8_176_54; KRTBCOOKIE_1101=23040-7017023779005855887; PUBMDCID=3; KRTBCOOKIE_391=22924-4937380131954696192&KRTB&23263-4937380131954696192; KRTBCOOKIE_377=6810-82274d85-387b-48ad-b835-767006364a0c&KRTB&22918-82274d85-387b-48ad-b835-767006364a0c&KRTB&23031-82274d85-387b-48ad-b835-767006364a0c; KRTBCOOKIE_27=16735-uid:19456161-79f2-4100-bb55-9f4b376f8410&KRTB&16736-uid:19456161-79f2-4100-bb55-9f4b376f8410&KRTB&23019-uid:19456161-79f2-4100-bb55-9f4b376f8410&KRTB&23114-uid:19456161-79f2-4100-bb55-9f4b376f8410; KRTBCOOKIE_57=22776-361885755173608966; PugT=1633778163; KRTBCOOKIE_409=22966-WaIEHjm6hM6lSEKGqJqvXniE; KRTBCOOKIE_153=19420-KKL4ZSmqqGYz9qwwLPXjYiymrzAz8qo2K_DcmwV1&KRTB&22979-KKL4ZSmqqGYz9qwwLPXjYiymrzAz8qo2K_DcmwV1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sat, 09 Oct 2021 11:16:03 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_336=5844-7140338647569015128; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:16:03 GMT; path=/ PugT=1633778163; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:16:03 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-Jan-2022 11:16:03 GMT; path=/
x-lat: lhrpug010:0:2175
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7140338647569015128
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 5FB8 43 B
335 B 52ms
16ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Sat, 09 Oct 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1351331

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame B3E3
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7017023779005855887

42 B
519 B

47ms
13ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7017023779005855887
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7017023779005855887
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F; chkChromeAb67Sec=1; DPSync3=1634947200%3A201_197_219%7C1633824000%3A174; SyncRTB3=1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203%7C1634947200%3A22_21_222_234_71_99_88_230_220_165_189_231_13_166_55_204_7_81_3_161_56_8_176_54
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sat, 09 Oct 2021 11:16:02 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_1101=23040-7017023779005855887; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:16:02 GMT; path=/ PugT=1633778162; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:16:02 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-Jan-2022 11:16:02 GMT; path=/
x-lat: amspug016:0:352
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Sat, 09 Oct 2021 11:16:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=7017023779005855887; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7017023779005855887

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 86C9
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEeFpFN0N3dlFBQUJUQnFhRWV3QQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AADxZE7CwvQAABTBqaEewA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AADxZE7CwvQAABTBqaEewA&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AADxZE7CwvQAABTBqaEewA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_part...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=182685407676859629
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AADxZE7CwvQAABTBqaEewA

42 B
370 B

18ms
18ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AADxZE7CwvQAABTBqaEewA
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AADxZE7CwvQAABTBqaEewA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F; chkChromeAb67Sec=1; DPSync3=1634947200%3A201_197_219%7C1633824000%3A174; SyncRTB3=1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203%7C1634947200%3A22_21_222_234_71_99_88_230_220_165_189_231_13_166_55_204_7_81_3_161_56_8_176_54; KRTBCOOKIE_1101=23040-7017023779005855887; PUBMDCID=3; KRTBCOOKIE_391=22924-4937380131954696192&KRTB&23263-4937380131954696192; KRTBCOOKIE_377=6810-82274d85-387b-48ad-b835-767006364a0c&KRTB&22918-82274d85-387b-48ad-b835-767006364a0c&KRTB&23031-82274d85-387b-48ad-b835-767006364a0c; KRTBCOOKIE_27=16735-uid:19456161-79f2-4100-bb55-9f4b376f8410&KRTB&16736-uid:19456161-79f2-4100-bb55-9f4b376f8410&KRTB&23019-uid:19456161-79f2-4100-bb55-9f4b376f8410&KRTB&23114-uid:19456161-79f2-4100-bb55-9f4b376f8410; KRTBCOOKIE_57=22776-361885755173608966; KRTBCOOKIE_409=22966-WaIEHjm6hM6lSEKGqJqvXniE; KRTBCOOKIE_153=19420-KKL4ZSmqqGYz9qwwLPXjYiymrzAz8qo2K_DcmwV1&KRTB&22979-KKL4ZSmqqGYz9qwwLPXjYiymrzAz8qo2K_DcmwV1; KRTBCOOKIE_80=22987-CAESEEWbvGxHY5Gu6U_3mYHC-OM&KRTB&16514-CAESEEWbvGxHY5Gu6U_3mYHC-OM&KRTB&23025-CAESEEWbvGxHY5Gu6U_3mYHC-OM; SPugT=1633778161; KRTBCOOKIE_336=5844-7140338647569015128; KRTBCOOKIE_594=17105-RX-f6363479-2ca0-4c56-9532-fc8569775f81-003&KRTB&17107-RX-f6363479-2ca0-4c56-9532-fc8569775f81-003; KRTBCOOKIE_22=14911-3249253400770129919; KRTBCOOKIE_218=22978-YWF58wAHu0g07wAR&KRTB&23194-YWF58wAHu0g07wAR&KRTB&23209-YWF58wAHu0g07wAR&KRTB&23244-YWF58wAHu0g07wAR; KRTBCOOKIE_188=3189-cd29895b-fe88-4c5e-bcc5-026a88f946c6-616179f3-5553; KRTBCOOKIE_466=16530-caa73cde-4789-4340-af13-3e28019b1b82; PugT=1633778162
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sat, 09 Oct 2021 11:16:04 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_699=22727-AADxZE7CwvQAABTBqaEewA; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:16:04 GMT; path=/ PugT=1633778164; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:16:04 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-Jan-2022 11:16:04 GMT; path=/
x-lat: lhrpug009:0:523
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Date: Sat, 09 Oct 2021 11:16:04 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AADxZE7CwvQAABTBqaEewA
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 6A79
Redirect Chain

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

0
107 B

46ms
13ms

Document
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F; chkChromeAb67Sec=1; DPSync3=1634947200%3A201_197_219%7C1633824000%3A174; SyncRTB3=1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203%7C1634947200%3A22_21_222_234_71_99_88_230_220_165_189_231_13_166_55_204_7_81_3_161_56_8_176_54
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sat, 09 Oct 2021 11:16:01 GMT
content-type: text/html; charset=utf-8
x-lat: amspug020:2:324
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip

Redirect headers

set-cookie: viewer_token=c687f740-02e6-4187-a5a5-037921b5a531; path=/; domain=csync.loopme.me; Expires=Tue, 09-Nov-2021 11:16:03 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length: 0
date: Sat, 09 Oct 2021 11:16:03 GMT
server: _

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 4433
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6602234288
https://sync.1rx.io/usersync/tradedesk/82274d85-387b-48ad-b835-767006364a0c
https://sync.targeting.unrulymedia.com/csync/RX-f6363479-2ca0-4c56-9532-fc8569775f81-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-f6363479-2ca0-4c56-9532-fc8569775f81-003

42 B
370 B

13ms
13ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-f6363479-2ca0-4c56-9532-fc8569775f81-003
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-f6363479-2ca0-4c56-9532-fc8569775f81-003
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F; chkChromeAb67Sec=1; DPSync3=1634947200%3A201_197_219%7C1633824000%3A174; SyncRTB3=1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203%7C1634947200%3A22_21_222_234_71_99_88_230_220_165_189_231_13_166_55_204_7_81_3_161_56_8_176_54; KRTBCOOKIE_1101=23040-7017023779005855887; PUBMDCID=3; KRTBCOOKIE_391=22924-4937380131954696192&KRTB&23263-4937380131954696192; KRTBCOOKIE_377=6810-82274d85-387b-48ad-b835-767006364a0c&KRTB&22918-82274d85-387b-48ad-b835-767006364a0c&KRTB&23031-82274d85-387b-48ad-b835-767006364a0c; KRTBCOOKIE_27=16735-uid:19456161-79f2-4100-bb55-9f4b376f8410&KRTB&16736-uid:19456161-79f2-4100-bb55-9f4b376f8410&KRTB&23019-uid:19456161-79f2-4100-bb55-9f4b376f8410&KRTB&23114-uid:19456161-79f2-4100-bb55-9f4b376f8410; KRTBCOOKIE_57=22776-361885755173608966; PugT=1633778163; KRTBCOOKIE_409=22966-WaIEHjm6hM6lSEKGqJqvXniE; KRTBCOOKIE_153=19420-KKL4ZSmqqGYz9qwwLPXjYiymrzAz8qo2K_DcmwV1&KRTB&22979-KKL4ZSmqqGYz9qwwLPXjYiymrzAz8qo2K_DcmwV1; KRTBCOOKIE_80=22987-CAESEEWbvGxHY5Gu6U_3mYHC-OM&KRTB&16514-CAESEEWbvGxHY5Gu6U_3mYHC-OM&KRTB&23025-CAESEEWbvGxHY5Gu6U_3mYHC-OM; SPugT=1633778161; KRTBCOOKIE_336=5844-7140338647569015128
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sat, 09 Oct 2021 11:16:02 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_594=17105-RX-f6363479-2ca0-4c56-9532-fc8569775f81-003&KRTB&17107-RX-f6363479-2ca0-4c56-9532-fc8569775f81-003; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-Jan-2022 11:16:02 GMT; path=/ PugT=1633778162; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:16:02 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-Jan-2022 11:16:02 GMT; path=/
x-lat: amspug018:0:354
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: Tengine
date: Sat, 09 Oct 2021 11:16:03 GMT
content-type: text/html
set-cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-f6363479-2ca0-4c56-9532-fc8569775f81-003%22%7D; path=/; expires=Sun, 09 Oct 2022 11:16:03 GMT; domain=.targeting.unrulymedia.com; samesite=none; secure; httponly
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-f6363479-2ca0-4c56-9532-fc8569775f81-003
etag: RXf63634792ca04c569532fc8569775f81003

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame A4F7
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=WaIEHjm6hM6lSEKGqJqvXniE

42 B
218 B

30ms
18ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=WaIEHjm6hM6lSEKGqJqvXniE
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=WaIEHjm6hM6lSEKGqJqvXniE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F; chkChromeAb67Sec=1; DPSync3=1634947200%3A201_197_219%7C1633824000%3A174; SyncRTB3=1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203%7C1634947200%3A22_21_222_234_71_99_88_230_220_165_189_231_13_166_55_204_7_81_3_161_56_8_176_54
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sat, 09 Oct 2021 11:16:03 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_409=22966-WaIEHjm6hM6lSEKGqJqvXniE; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:16:03 GMT; path=/ PugT=1633778163; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:16:03 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-Jan-2022 11:16:03 GMT; path=/
x-lat: lhrpug019:0:583
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: openresty
date: Sat, 09 Oct 2021 11:16:03 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=WaIEHjm6hM6lSEKGqJqvXniE; Max-Age=31536000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=WaIEHjm6hM6lSEKGqJqvXniE
strict-transport-security: max-age=0; includeSubDomains;

GET
H2 200 dpe Show response
ad4m.at/ad/ Frame B1C8 42 B
974 B 88ms
42ms Document
image/gif 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
content-type: image/gif
content-length: 42
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-7b12
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 69b731cfaad3407d-LHR

GET
H/1.1 200
OK bridge Show response
cm.adgrx.com/ Frame 7199 43 B
408 B 62ms
17ms Document
image/gif 63.251.232.170
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.251.232.170 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS: ams-mon-1.sys.adgear.com
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host: cm.adgrx.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-2
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame CBDC
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
415 B

167ms
166ms

Document
image/gif

104.18.12.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.12.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method: GET
:authority: s.tribalfusion.com
:scheme: https
:path: /z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: ANON_ID=ahnoeUm5abnAyuoEVMZdOhJZcGYQUtXP7WBgldPWNQ
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
content-type: image/gif; charset=utf-8
content-length: 43
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=aqnseFmMZaE9DXqwmyCEIV7Gl6EoVuUUstaCDQ5oTZcsAT5STZcFX3oAiDJRQPqu0lHg0kfrlyZdqs49bFnTsLdb; path=/; domain=.tribalfusion.com; expires=Fri, 07-Jan-2022 11:16:03 GMT; SameSite=None; Secure; ANON_ID_old=aqnseFmMZaE9DXqwmyCEIV7Gl6EoVuUUstaCDQ5oTZcsAT5STZcFX3oAiDJRQPqu0lHg0kfrlyZdqs49bFnTsLdb; path=/; domain=.tribalfusion.com; expires=Fri, 07-Jan-2022 11:16:03 GMT;
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 69b731d0a87ffaf6-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date: Sat, 09 Oct 2021 11:16:03 GMT
content-type: text/html
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 2637
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=ahnoeUm5abnAyuoEVMZdOhJZcGYQUtXP7WBgldPWNQ; path=/; domain=.tribalfusion.com; expires=Fri, 07-Jan-2022 11:16:03 GMT; SameSite=None; Secure; ANON_ID_old=ahnoeUm5abnAyuoEVMZdOhJZcGYQUtXP7WBgldPWNQ; path=/; domain=.tribalfusion.com; expires=Fri, 07-Jan-2022 11:16:03 GMT;
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 69b731cf9f0cfaf6-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 4281
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=ba4bdfc4-d0d9-4bba-b6e7-037579143302-tuct85aff73&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
53 B

17ms
16ms

Document
text/plain

151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=ba4bdfc4-d0d9-4bba-b6e7-037579143302-tuct85aff73&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.taboola.com
:scheme: https
:path: /sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=ba4bdfc4-d0d9-4bba-b6e7-037579143302-tuct85aff73&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: t_gid=ba4bdfc4-d0d9-4bba-b6e7-037579143302-tuct85aff73
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
accept-ranges: bytes
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 varnish
x-served-by: cache-hhn4028-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1633778163.146142,VS0,VE9
content-length: 0

Redirect headers

server: nginx
set-cookie: t_gid=ba4bdfc4-d0d9-4bba-b6e7-037579143302-tuct85aff73;Version=1;Path=/;Domain=.taboola.com;Expires=Sun, 09-Oct-2022 11:16:03 GMT;Max-Age=31536000;Secure;SameSite=None
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=ba4bdfc4-d0d9-4bba-b6e7-037579143302-tuct85aff73&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 varnish
x-served-by: cache-hhn4028-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1633778163.129878,VS0,VE9
x-vcl-time-ms: 9
content-length: 0

GET
H2 200 141 Show response
match.deepintent.com/usersync/ Frame 42DE 0
44 B 295ms
97ms Document
text/plain 38.91.45.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 38.91.45.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.deepintent.com
:scheme: https
:path: /usersync/141?gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

content-length: 0
date: Sat, 09 Oct 2021 11:16:03 GMT
server: a

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E8BE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GqPvzuSsR4GXpkjdq8_Jbw%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

12ms
11ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=100786
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Sun, 10 Oct 2021 15:15:49 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=19456161-79f2-4100-bb55-9f4b376f8410

0
260 B

61ms
18ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=19456161-79f2-4100-bb55-9f4b376f8410
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x26 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=19456161-79f2-4100-bb55-9f4b376f8410
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E8BE
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
https://pixel.onaudience.com/?partner=147&mapped=82274d85-387b-48ad-b835-767006364a0c&icm
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=e41660fc5e3b215ca4490ca56b31a7ce
https://spl.zeotap.com/?zdid=1332&zcluid=da94984a679036bf
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=c5c0b978-1dd9-440e-5381-fbdb67b5647a&reqId=5b671c37-6d89-4360-7485-d6ba2aaed54e&zclui...
https://mwzeom.zeotap.com/mw?google_gid=CAESEFm8OxY_NF3i-qD2Aqrp_9Y&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=c5c0b978-1dd9-440e-5381-fbdb67b5647a&reqId=5b671c37-6d89-4360-7485-d6b...

95 B
164 B

46ms
37ms

Image
image/png

104.22.25.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEFm8OxY_NF3i-qD2Aqrp_9Y&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=c5c0b978-1dd9-440e-5381-fbdb67b5647a&reqId=5b671c37-6d89-4360-7485-d6ba2aaed54e&zcluid=da94984a679036bf&zdid=1332
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.25.87 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 69b731d2fae8faee-DUS
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEFm8OxY_NF3i-qD2Aqrp_9Y&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=c5c0b978-1dd9-440e-5381-fbdb67b5647a&reqId=5b671c37-6d89-4360-7485-d6ba2aaed54e&zcluid=da94984a679036bf&zdid=1332
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MUFBM0VGQ0UtRTRBQy00NzgxLTk3QTYtNDhEREFCQ0ZDOTZG&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
110 B

18ms
18ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug002:0:513
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEWbvGxHY5Gu6U_3mYHC-OM&google_cver=1

42 B
285 B

18ms
17ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEWbvGxHY5Gu6U_3mYHC-OM&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug006:0:384
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEWbvGxHY5Gu6U_3mYHC-OM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame E8BE 43 B
608 B 54ms
12ms Image
image/gif 159.253.128.188
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.188 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

bc.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Fri, 08 Oct 2021 11:16:03 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=82274d85-387b-48ad-b835-767006364a0c

42 B
294 B

27ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=82274d85-387b-48ad-b835-767006364a0c
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
cache-control: no-store, no-cache, private
x-lat: amspug018:0:417
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=82274d85-387b-48ad-b835-767006364a0c
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=4937380131954696192

42 B
388 B

31ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=4937380131954696192
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
cache-control: no-store, no-cache, private
x-lat: amspug005:0:374
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=4937380131954696192
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:19456161-79f2-4100-bb55-9f4b376f8410&gdpr=0&gdpr_consent=

42 B
341 B

31ms
15ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:19456161-79f2-4100-bb55-9f4b376f8410&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
cache-control: no-store, no-cache, private
x-lat: amspug007:0:406
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x30 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:19456161-79f2-4100-bb55-9f4b376f8410&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=361885755173608966&gdpr=0&gdpr_consent=

42 B
518 B

63ms
17ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=361885755173608966&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug013:0:460
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: ecab213f-039a-45c1-8791-6176a2e51e77
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=361885755173608966&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=KKL4ZSmqqGYz9qwwLPXjYiymrzAz8qo2K_DcmwV1

42 B
273 B

40ms
18ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=KKL4ZSmqqGYz9qwwLPXjYiymrzAz8qo2K_DcmwV1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug015:0:506
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=KKL4ZSmqqGYz9qwwLPXjYiymrzAz8qo2K_DcmwV1
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-FeSEWh9E2uXge0LXU.dtaesbwCpUAk4-~A&gdpr=0&gdpr_consent=

0
128 B

19ms
18ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-FeSEWh9E2uXge0LXU.dtaesbwCpUAk4-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-FeSEWh9E2uXge0LXU.dtaesbwCpUAk4-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2 200 1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame E8BE 43 B
840 B 132ms
42ms Image
image/gif 212.82.100.176
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.176 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

pr-bh-ing.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=caa73cde-4789-4340-af13-3e28019b1b82
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=caa73cde-4789-4340-af13-3e28019b1b82
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=307a5f5c-3cd9-4de8-ae76-f909dcc642bd&ssp=pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=caa73cde-4789-4340-af13-3e28019b1b82&gdpr=&gdpr_consent=&gdpr_pd=

1 B
280 B

13ms
12ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=caa73cde-4789-4340-af13-3e28019b1b82&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
cache-control: no-store, no-cache, private
x-lat: amspug016:0:426
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=caa73cde-4789-4340-af13-3e28019b1b82&gdpr=&gdpr_consent=&gdpr_pd=
Date: Sat, 09 Oct 2021 11:16:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YWF58wAHu0g07wAR&gdpr=0&gdpr_consent=&_test=YWF58wAHu0g07wAR

1 B
335 B

13ms
13ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YWF58wAHu0g07wAR&gdpr=0&gdpr_consent=&_test=YWF58wAHu0g07wAR
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
cache-control: no-store, no-cache, private
x-lat: amspug007:0:555
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1633778163.319694,VS0,VE0
x-served-by: cache-hhn4042-HHN
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YWF58wAHu0g07wAR&gdpr=0&gdpr_consent=&_test=YWF58wAHu0g07wAR
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame E8BE 0
104 B 58ms
24ms Image
text/plain 63.215.202.140
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.215.202.140 Amsterdam, Netherlands, ASN41041 (VCLK-EU-SE, US),
Reverse DNS: ams01-login.dotomi.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=cd29895b-fe88-4c5e-bcc5-026a88f946c6-616179f3-5553&gdpr=0&gdpr_consent=

42 B
232 B

18ms
18ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=cd29895b-fe88-4c5e-bcc5-026a88f946c6-616179f3-5553&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug010:0:444
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:02 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=cd29895b-fe88-4c5e-bcc5-026a88f946c6-616179f3-5553&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3249253400770129919&gdpr=0&gdpr_consent=&us_privacy=

1 B
267 B

13ms
12ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3249253400770129919&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
cache-control: no-store, no-cache, private
x-lat: amspug014:0:422
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3249253400770129919&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Sat, 09 Oct 2021 11:16:02 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:38dfeb8f-709e-4b05-a52e-55c96511e93f&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
210 B

13ms
12ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:38dfeb8f-709e-4b05-a52e-55c96511e93f&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:01 GMT
cache-control: no-store, no-cache, private
x-lat: amspug006:0:373
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:38dfeb8f-709e-4b05-a52e-55c96511e93f&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E8BE
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=361885755173608966

42 B
210 B

13ms
12ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=361885755173608966
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:02 GMT
cache-control: no-store, no-cache, private
x-lat: amspug018:0:277
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 690.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 1a01725f-303c-4e9b-a6af-4d505594deb3
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=361885755173608966
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 d1ba4609
rtb.gumgum.com/getuid/ Frame E8BE 35 B
238 B 98ms
29ms Image
image/gif 54.194.104.251
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

GET
H3 200 Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js Show response
pagead2.googlesyndication.com/bg/ Frame 238E 35 KB
13 KB 24ms
20ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

3a9d21d68e1b2c04efe067a4c3cef02c886e221937994810d4f5cb5525545e99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 08:48:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13306
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 09 Oct 2022 08:48:37 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CECC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDoI-s2w-yfuoKWyejv3_88&google_cver=1

43 B
894 B

26ms
15ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDoI-s2w-yfuoKWyejv3_88&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARja4eioATAB&v=APEucNVCv7-giCXbttEyCDu2nV8ZoWG5U8Y4hHdEBb9ku-NBwMypJxr9dnoO_9GfWmQs8b7pPHVXCvL2wUD8vS5D0ztp6zikcnAmmhHdv1yZpbGnfNzh3IfdSIiy_JI1RtYbgw7HqZ1_xZ55egCQ_pM-IlZ9Ygoyqoy7VMRPZft9jG21-uE4eYe4RI958Y0-KFGde2wWIgBo8Wa8PoZmMs63ZIHiePXP0g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 09 Oct 2021 11:16:03 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDoI-s2w-yfuoKWyejv3_88&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CECC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWF586vTKbaTQr25os40xAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDoI-s2w-yfuoKWyejv3_88&google_cver=1

43 B
894 B

13ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDoI-s2w-yfuoKWyejv3_88&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARja4eioATAB&v=APEucNVCv7-giCXbttEyCDu2nV8ZoWG5U8Y4hHdEBb9ku-NBwMypJxr9dnoO_9GfWmQs8b7pPHVXCvL2wUD8vS5D0ztp6zikcnAmmhHdv1yZpbGnfNzh3IfdSIiy_JI1RtYbgw7HqZ1_xZ55egCQ_pM-IlZ9Ygoyqoy7VMRPZft9jG21-uE4eYe4RI958Y0-KFGde2wWIgBo8Wa8PoZmMs63ZIHiePXP0g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 09 Oct 2021 11:16:03 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDoI-s2w-yfuoKWyejv3_88&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame CECC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEpZnxNQdkh0idig6iqRiPQ&google_cver=1

0
580 B

7ms
6ms

Image
text/html

37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEpZnxNQdkh0idig6iqRiPQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARja4eioATAB&v=APEucNVCv7-giCXbttEyCDu2nV8ZoWG5U8Y4hHdEBb9ku-NBwMypJxr9dnoO_9GfWmQs8b7pPHVXCvL2wUD8vS5D0ztp6zikcnAmmhHdv1yZpbGnfNzh3IfdSIiy_JI1RtYbgw7HqZ1_xZ55egCQ_pM-IlZ9Ygoyqoy7VMRPZft9jG21-uE4eYe4RI958Y0-KFGde2wWIgBo8Wa8PoZmMs63ZIHiePXP0g

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 2878ae91-07df-4a3c-8093-ed83c3c2c2c4
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEpZnxNQdkh0idig6iqRiPQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CECC
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYxODg1NzU1MTczNjA4OTY2

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYxODg1NzU1MTczNjA4OTY2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 073ec9e0-4185-4b9d-812e-4945cba86d9b
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzYxODg1NzU1MTczNjA4OTY2
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 6092 169 KB
59 KB 86ms
22ms Script
text/javascript 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 15:17:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71900
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Oct 2021 15:17:43 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211006/r20110914/elements/html/ Frame 6092 8 KB
3 KB 23ms
21ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211006/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AIoqllpymGgoeoIEz-mrzTS3U6d4a4CYXkcMQwf-CHPHHEZLCpczzGEDjX9TT343CUK0L-JO3-iQ93i4AG5RSTEo8bQyqg825hdeepnKUtcJhW24gOXV_CdX1aq5TUdHKXHKGWNxP-Ci3A8lzGMYUGOsaujA&dbm_d=AKAmf-CXDL4azyaLjsl_dim9_0-LE6j9LDviqQmNvJR4W8Btg3Xs37aHVEvSSZ0FimX-UBgtddbXs-oY5ZvIC8zbWNVXEEbro4aPsK5LtkXC1Zx-bAt2r1Jh4j3FwG36Qj_2UZZUZ1VJjXUYKVfKKw7g1XVNsIBfB6qETsANWFue-f6-udk7Ss-wPWlEDLRaCT-G6ZGgF81EsGjMyel_VXW1VtvLSWVin1Sopfa4M_PNNs1iLQcdWVRvjpKldjXPqaBb-TtHawWqz9quN7QUsZ2c6T0V3WyS22Sg78k5M46ad124-P2YRLoiw1lnUruvDIkiqm2dR4xQAOOvIN4Gx5gnW_3rTtHVchnudnws6HlYqwDo0etlhafPDyJg_5isDl9TvE4JItwp4L0DMuNm7YRZf41dwvlCDgcYgfTyfr38qcPK7ALC4LccXlUdYMVb3dcgFAzEI0LrgBMAGZr7csqe7XuNt3MHs2cjoll7isFzaclX02r27QWUdPwT9UVn0bkE8QUDA0HTFYnv3dNGSz2F8hAaUsExyj7g2unl61Qjx8xokdejo3Z0u9KNqOFNKHBBzueBBbueTISbbMmcxn978cWhdQsGbViV6WrK3XldoN6vszdiwKtjwbNR3uNDyBlp0pSiD_UDy1HR1d7yh833BU_Zq04rDAr-mraw00jN5SKjLMku2AUN4X2OCDmt1CroE3Pg2-VvbnDYvNpBSwVYRhCnTF6DZ_PhpIJ6j9kHICwXd3L7VIP9gM67sEcr9dkrmpE5c5JhpmvMk52XOWEFf4CqMXRh0vb5O4ClLtDxzymA3fsJeMIPV81s6rGKoOQzOJJ-B7HkUUtDcYrnSHgmXOfgRmvf5F4Ksc3gZWGnrVv1fKctYRWcRPYwLAmQ3HIDkq_YjsWW0s4fSqcE_aV-E2QI9xDPjK0_Yb5sQIZQQS1iYrK3Z_ZgZfYBvOOT5ONikug6HFntnVFHovkm6a7_3u0-hmNGiU42xuqFsnTk9JtynjMe2JTransrWAR-FozOCoGmDYZJjWXx2fsXKJ9T6XPaTHtM5qhzGTizRJH9UMDRYvBdoTQbMCXMX2BY2xJwyLtYw57b-zKilZe88XhIH67oy9NETyJtrB1RcHY59CRBUUS3QctuvAHBwOqTvmSQfzHOP-5EaeOq1AIdZDkoZXwx1dhb2mHq5B3ZVRvGnrvaMQEvoGSAToairtKTpz8ZSMbY9XomtnQ3OrmBQny7r_lsLVNR8xLQz0WnX4XeIg9OHT2p0ogCyEqFRtv4Jz-ogmtlGjM-ahMy0-w7XB8xgntfERfpCxtm8u6_jhwEmeX-vbMLxB55oeUcRidZlIC8dTedPXC71Y18Gr8M0IxGMflk_PepfSDvsHHdBgNLjSzvXVXj47KwtOLi41h6RK0WeK6qmItDdVpmO_FT9w0NFpMpD5S-3SNzPM0XqznQa3G3av-Zpr7sOLpP-z33RyKU-ZF0lDZGFBrxXyHxZsApHIIAtyubEKO2ypCWr8-QTjzO88uy8y8MqxmqztBAGv47vSBVUE_DBYStv7kXAdZc3DbcgPQRIQ5JAAStgzb2ltm71BB_Yr1DariDkx4GB4TUyk_pTUInxjAyCfb-Oq5CX2ZRIwueRp4N4E46aSf3GynezBs6mFhW7-kXBbY8DBc6HyMZow3CKushNGc-_kWgk3agAC6PWPZoeGy9EFevplDXivnS8dQrMNAv0PLNS4p76bEItirn9df_yuwnHyfziDIbJGnSG3S0BZQJKs_LLEhYxq7wqgdecBgtLCfUOf7wWuRJ5S_cHpnQSqM1mixYkLiJzlljytZiF73-J2Yd_oyH8BHmtNy5evX0siGiD8e7C0-B9fiGSUc-hD6IzAvFMg8MB-dEQQrse2yfU_vPAO0uqdjOKbkvS9zl9OrkL8tUpZFoszpbbLwU-4RNAl0EflzI6znclwGhPs77Mvu4Qe_mYwvSLohgmWJ5ZnQ2XyOUggrhlytfFjKlypJY-etYkP-w-zQ85I66oOEO7OhiWjD-ITmpaBSFcKeHZnu_-GF9bQLtOIPkgDBxh34F0Ok0MDuvAvraX8glGGYlYIKasXZYGgMsYB7DEkaSTXF1t63N24xTMYQ2Nyqtw-VheJeYG7MS_QnqBoEkd3Jz5oTc5g5Wtw1HvR59WUdUscEeXIzJ9fzZlQlOL3KaalgO_Tu2wAhLkRqbybJqb4gxf-LwnJ53PoBr89brPq4dLeZMOdcVKpva9TEmqUZKqnIeYVv7IcwOXzLFpIPgufEhi7vf-i_Wjk_WKpMlkIl5yEHSFW3gBTedli1jwIrC-SksM6rjQIidO9DMM6_gCFSVN0pdaSlqwDg8j5tTqydLwR4GzqMaF_dutCh7XS76AoiUcpI1R1ZI5RhLDvKF6Pf89pkkWvgoePcwzisnjCRAQcmQYChtpJdl5Nx_R4cWY7NL6BAgpGi2RhITOHFZqxohoEEtYDysuKyixg-bNmwycq7SImGQ_dg6qZ-o3ovMt6JtpB8S3wTG-CAQiFMQcahzh-gUT8BuALCsUH40ciTeSGnJoJ0u_T5jjjJs-mPvOls8aLnF3MGHUWrMEo0WuPWafqUw7tsPD9IoHePAn0ZFxNTDhkcGKHRRy7x-kYTAt7IMgQWOHdOnrMJT9CNSe3g8w_IXQqsUbPJBhd1IZbs4LjFFLF7UR7QEtrOHb4dHZeogK1aGMNAL546A_t4RdmOLW-ilJq3HR-ywueyjhsV4F5Z4E4UYnmaSCxDlhOo_C_2A0eE9Gky0XibAVhRAc-grGsaXjHGG0JSEQLqXlnMkpLSGHhRqUKni1dEysjbzpKCW2kqtgEzuhNsek4ZCrkPaCHWvQYNvgUoIkOAm9wfD688WciwT5Apne7x2WiWeDRnfFp2kT-mor_0iQxS16JVOAzrf0R5OX1GnaVZeoXHFt_mjYHaWo0HQKOGRDdztEWi1tSPKqodWCM4oPZptQlofWd0cbMtUUeEpEKsa0CfJG6pefsagQLDb9vdRE_hubkWVOFMHLKXkQs8SNIB1TfGwiMrYHB0jGSFNXwBkWj3bb5uIk1K3CZV_ltue46cpegbZR-P_q__OwxNxsQ&cid=CAASEuRoMWyizej-9YF-zPo157sYgA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 334
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Oct 2021 11:10:29 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211006/r20110914/ Frame 6092 23 KB
9 KB 22ms
21ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211006/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

0b4cc12ccd09adacbf7695b7ae68d146a6b9bfa7a2058dbd4e58f31c14ec5e7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:12:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9203
x-xss-protection: 0
server: cafe
etag: 15223966529599630443
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Oct 2021 11:12:40 GMT

POST
H2 204 vtr.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 90ms
90ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 11 Oct 2021 11:16:03 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7E04
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VKUEMxRE4tMU0tQUgzUQ==

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VKUEMxRE4tMU0tQUgzUQ==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VKUEMxRE4tMU0tQUgzUQ==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78008fe701b681dce86a72fc23cacc40
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 7E04 70 B
264 B 36ms
33ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 7E04
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUJPC1DN-1M-AH3Q&sigv=1&esig=2~641ea9d46d6dc588b9e1b96c99aca680f5e5d69a

0
446 B

56ms
18ms

Image
text/plain

87.248.118.23
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUJPC1DN-1M-AH3Q&sigv=1&esig=2~641ea9d46d6dc588b9e1b96c99aca680f5e5d69a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

87.248.118.23 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

e2.ycpi.vip.deb.yahoo.com

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUJPC1DN-1M-AH3Q&sigv=1&esig=2~641ea9d46d6dc588b9e1b96c99aca680f5e5d69a
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 382e2818ca015d35b02cd449aa60881d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 7E04
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/A-qOglJ_YxEewTGgbjqPHcn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1746246494692015619

0
239 B

138ms
100ms

Image
image/gif

69.173.151.90
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1746246494692015619
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.151.90 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 382e2818ca015d35b02cd449aa60881d
Content-Type: image/gif

Redirect headers

date: Sat, 09 Oct 2021 11:16:03 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1746246494692015619
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 7E04 0
0 88ms
32ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 7E04
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEL-AMvn9JThrjZiHnqVnQak&google_cver=1

0
239 B

398ms
101ms

Image
image/gif

69.173.151.90
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEL-AMvn9JThrjZiHnqVnQak&google_cver=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.151.90 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 9e7742894a018a40b59a2ed2117c85b5
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEL-AMvn9JThrjZiHnqVnQak&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 7E04
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=19456161-79f2-4100-bb55-9f4b376f8410&expires=28

0
239 B

386ms
100ms

Image
image/gif

69.173.151.90
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=19456161-79f2-4100-bb55-9f4b376f8410&expires=28
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.151.90 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 29af2665c43893332e84c235bac366c1
Content-Type: image/gif

Redirect headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x12 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=19456161-79f2-4100-bb55-9f4b376f8410&expires=28
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 7E04
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YWF58wAHxJdfEQAT
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YWF58wAHxJdfEQAT&_test=YWF58wAHxJdfEQAT

0
239 B

383ms
98ms

Image
image/gif

69.173.151.90
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YWF58wAHxJdfEQAT&_test=YWF58wAHxJdfEQAT
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.151.90 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: c3b5432477546c086cd062707f625a76
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1633778163.361755,VS0,VE0
x-served-by: cache-hhn4042-HHN
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YWF58wAHxJdfEQAT&_test=YWF58wAHxJdfEQAT
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6092 41 KB
15 KB 15ms
14ms Script
text/javascript 172.217.16.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f129.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 11:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84826
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 08 Oct 2022 11:42:17 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DD20 1 KB
749 B 20ms
20ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 09 Oct 2021 08:58:57 GMT
expires: Sun, 10 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 8226
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6092 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6d3b26e1f0c1d869c7b565806bf3bbd28e2c8d526c6ef51ba6cc63dd398429e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 728x090.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61693036/20210611045033582/ Frame 3000 47 KB
11 KB 58ms
30ms Document
text/html 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61693036/20210611045033582/728x090.html?e=69&leftOffset=0&topOffset=0&c=WpEtDZxH9t&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

9436a862c370b6f85a3d716eabb2f3dd4d5b146d107ee68c7dc20ac10d8898b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61693036/20210611045033582/728x090.html?e=69&leftOffset=0&topOffset=0&c=WpEtDZxH9t&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 10983
date: Sat, 09 Oct 2021 11:16:03 GMT
expires: Sun, 10 Oct 2021 11:16:03 GMT
cache-control: public, max-age=86400
last-modified: Fri, 11 Jun 2021 11:50:33 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6092 0
592 B 122ms
67ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuZhs6wmzhmMbpV6l_6D8bxkbPmfvr7AZ2oe8BYzoHLcjR_AQLELvgY1eZjRkP_L-KYtCBbrRFQHrmrCcUqFiPd2culSoJiCKF6UerneKvVdIZXunuuPobR7QQNdb_3sUsFznnuuBG7Yq8YWO-Pic8e6RatnAeY9nVJuckYi_V6ih88FGN4xdy8EgmVj-jLSVhMv6YrBiv7mbRkDf83lp4qVxuqrvGTQu6MIjl4yJeWHFAOMkU0QskdXL0m1o_9gP9_jRejfL8qjTIXxXtOtP4ZeyqhfXnjwHSR4kbNptN_ZFvJSLRssWmhPswbJFA-SJGB5p_eQo8Yufoijcq2KdjSVe5S43wWG6HLb4flM16ep0VRdWFE_bjQoGdi3lAos7mtlSSxUshZLGKrRIGODyNeFHtH-18GhK6UzsXlY1JxZ4uNHCfwrDGpXL5tSY6m2QhH8kKmrGZN3Z7zMIVnBtZape37V1GSYwy4kpEQ71x9NLT9vFwaSTqzCBuyfju1g17i_Rl9Z6cpM2Bg03MSEQZWCfjHDGpGkT6G9sPE3mVzb_dcdF7ao0ahU-vP52Z09zetvnCwABuNqWagd9C3QDEb_JH1tOY0557Q5bmWlrMRYfUzWYwTEa63_5tghTeYbX0PTd2q8uZllnh_eN7OZreff3J_nk9lnYwHQU_-UKJdOj5Wcc9W_EI-k7zAovwbv9MEW7B1a5JfUkxK985yH3zaOQtFyvTz5h4QbIBHEhD9nNR8p5BisWwDiwdpbfT5I5TnU53qE-ZRrpxJ9OctFLXXhvOszqTdgdttMKOhZUd6nilRUfVTbmqeB6KENDPLr4H4COl-5-f8wQSQVf6SROS3SSZN_iOfh7W4-FKSad77JPc-UznZoTjt8sbB3wAw61A16KaET24IwdZJCtmcZpM69yPPhghGHh2mAioXQ1u9tWasJ4VnOsf3H8-YTycjBUDAbGatg_jCzKrn9Eb9sBRLX3COOqN51ewrZAx6RJajhAHoRKNb9rfj2p-seaIhaV--G9PmXjF-f3Ckd9N5GERWoiVdGtVck-scJPWIG4VTvUfEa6nimaR36LX82tpewZa7Iw8XgFeLVl-ZYZEGWOaAlG0MlREQc0-cQ1j3Ttv4dzPZgWwviwXSQ9DDhbFJrcAeqB6YnuHhkf8otIF9NUXqowolnmurp38ZD8yttZtwK-gJe3DfH7jb0C3MAWuYffGmLEAKl1IIG9y9u7h7R7VC&sai=AMfl-YTKoD5lokDUQNROpUaIkk9qQPJBuwjf4sdH9jqBhlrOxzWSaRWhRtN60r2xYXLiJQ1WmLOrqgV0OELO3w5_LJQHMKPBcK4IYKGe1uzwdGFXv1mRJndlzHRXUnf0L1cbB8K-od2b_awpOgZquGOB8GaObCyMMg&sig=Cg0ArKJSzKofS5lEWwJ-EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=233&cbvp=1&cstd=227&cisv=r20211006.68442&adurl=

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 09 Oct 2021 11:16:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8167 22 KB
8 KB 13ms
13ms Document
text/html 172.217.16.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f129.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 08 Oct 2021 11:42:17 GMT
expires: Sat, 08 Oct 2022 11:42:17 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 84826
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 i.match
a.tribalfusion.com/ Frame DD20 43 B
708 B 180ms
166ms Image
image/gif 104.18.12.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEDIJ_pKA0QB0WffBRd3hn3c&google_cver=1&google_push=AYg5qPI2gVm-OKS6axLy8Jg8Lb6WYrYmw-aTsTpChegNqrGBnLAMR7cBvtXIovKH-94UAPA-OXZ20wDbtM5uw_PE9d9paNnq5F4&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPI2gVm-OKS6axLy8Jg8Lb6WYrYmw-aTsTpChegNqrGBnLAMR7cBvtXIovKH-94UAPA-OXZ20wDbtM5uw_PE9d9paNnq5F4%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745092&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1633778162&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633778162262&bpp=8&bdt=109&idt=78&shv=r20211006&mjsv=m202110040101&ptt=5&saldr=sa&cookie=ID%3Df9f437f666c7ffce-22b4ae64eeca0094%3AT%3D1633778162%3ART%3D1633778162%3AS%3DALNI_MY9UAQjQQYm-0JVXJ6tr5HmuXY-PA&correlator=1204277754316&frm=21&ife=1&pv=1&ga_vid=1856466030.1633778161&ga_sid=1633778163&ga_hid=778416054&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=2765223853&scr_x=0&scr_y=0&eid=31062949&oid=2&pvsid=824065045266497&pem=643&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.4txy29lqthuf&fsb=1&xpc=asoepayFyQ&p=https%3A//securityaffairs.co&dtd=263
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.12.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 69b731d18c51fadc-DUS
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DD20
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESECV85y5KXEqMPyHhIKiUqRo&google_cver=1&google_push=AYg5qPJJzw-feCMOfCFveWEsn2W7GPrChWKb3Cz4KlBciGk787vVAMOnf6pEy1W6KolUnWby4aEmJMnpDzI_BFW03f44d07RzO0
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=12D10C4A30C8472EA17F3188AE806124&google_push=AYg5qPJJzw-feCMOfCFveWEsn2W7GPrChWKb3Cz4KlBciGk787vVAMOnf6pEy1W6KolUnWby4aEmJMnpDzI_BFW...

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=12D10C4A30C8472EA17F3188AE806124&google_push=AYg5qPJJzw-feCMOfCFveWEsn2W7GPrChWKb3Cz4KlBciGk787vVAMOnf6pEy1W6KolUnWby4aEmJMnpDzI_BFW03f44d07RzO0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 09 Oct 2021 11:16:03 GMT
x-content-type-options: nosniff
server: openresty
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=12D10C4A30C8472EA17F3188AE806124&google_push=AYg5qPJJzw-feCMOfCFveWEsn2W7GPrChWKb3Cz4KlBciGk787vVAMOnf6pEy1W6KolUnWby4aEmJMnpDzI_BFW03f44d07RzO0
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 08 Oct 2021 11:16:03 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DD20
Redirect Chain

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESENeME6KRPVTvlmLmm1SYdeo&google_cver=1&google_push=AYg5qPLgm9Zf_BPHYBJstIblul5TPQ6qf93sClkS7ArglMRV3QT0eeD0KQXweUXPgo1f87-eJxlR2JG1J-a...
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPLgm9Zf_BPHYBJstIblul5TPQ6qf93sClkS7ArglMRV3QT0eeD0KQXweUXPgo1f87-eJxlR2JG1J-aCi8V7XOYpiEKGpNs

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPLgm9Zf_BPHYBJstIblul5TPQ6qf93sClkS7ArglMRV3QT0eeD0KQXweUXPgo1f87-eJxlR2JG1J-aCi8V7XOYpiEKGpNs

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPLgm9Zf_BPHYBJstIblul5TPQ6qf93sClkS7ArglMRV3QT0eeD0KQXweUXPgo1f87-eJxlR2JG1J-aCi8V7XOYpiEKGpNs
Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2999
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DD20
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEEKNkqfqCC28Dr2jbDETxXQ&google_cver=1&google_push=AYg5qPJJlqBzj6xNOSBUqH0F-EXArPp8r4-C74II6kMcOI_Sl6Eo-RFpMZoh8phX3yOd4V9mdo7oxJkVR3PJh...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEEKNkqfqCC28Dr2jbDETxXQ&google_push=AYg5qPJJlqBzj6xNOSBUqH0F-EXArPp8r4-C74II6kMcOI_Sl6Eo-RFpMZoh8phX3yOd4V9mdo7oxJkVR3PJh...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPJJlqBzj6xNOSBUqH0F-EXArPp8r4-C74II6kMcOI_Sl6Eo-RFpMZoh8phX3yOd4V9mdo7oxJkVR3PJhxwF83fZSKwtQ2k&google_hm=Y0tGWVJybDVpTnlpQndFV...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPJJlqBzj6xNOSBUqH0F-EXArPp8r4-C74II6kMcOI_Sl6Eo-RFpMZoh8phX3yOd4V9mdo7oxJkVR3PJhxwF83fZSKwtQ2k&google_hm=Y0tGWVJybDVpTnlpQndFVjhmV3g=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
P3p: CP="We do not support P3P header."
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPJJlqBzj6xNOSBUqH0F-EXArPp8r4-C74II6kMcOI_Sl6Eo-RFpMZoh8phX3yOd4V9mdo7oxJkVR3PJhxwF83fZSKwtQ2k&google_hm=Y0tGWVJybDVpTnlpQndFVjhmV3g=
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 235
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame DD20
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DD20
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEMcO3kCLh43j0lnYvABmyiQ&google_cver=1&google_push=AYg5qPKEKqAIrcbqOHZzvu5xaPeRIRkiXBcu_bJ9lc3m0tOJHnx2SWSXttWj8NPBXHVyS1sawWHHXsMe_m2unQ89hmf8JSp...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPKEKqAIrcbqOHZzvu5xaPeRIRkiXBcu_bJ9lc3m0tOJHnx2SWSXttWj8NPBXHVyS1sawWHHXsMe_m2unQ89hmf8JSpHxD_h&google_hm=MTk4NDM2Njk...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPKEKqAIrcbqOHZzvu5xaPeRIRkiXBcu_bJ9lc3m0tOJHnx2SWSXttWj8NPBXHVyS1sawWHHXsMe_m2unQ89hmf8JSpHxD_h&google_hm=MTk4NDM2Njk1MDM4NDQ2Mjk2OQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPKEKqAIrcbqOHZzvu5xaPeRIRkiXBcu_bJ9lc3m0tOJHnx2SWSXttWj8NPBXHVyS1sawWHHXsMe_m2unQ89hmf8JSpHxD_h&google_hm=MTk4NDM2Njk1MDM4NDQ2Mjk2OQ==
Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DD20
Redirect Chain

https://ads.avads.net/sync/ggl?google_gid=CAESEMpN20RJbWj6GgFmKcIjouY&google_cver=1&google_push=AYg5qPJ8vN7Lld5BhP1-tLlOPJLHg8hUiE4oUs67g-Dpqf8MC-QBz4XSB-QQQ2KFiaoHo0u5Mt0mWUavwFDjrPL7pKrLQ6aH2V1e
https://ads.avads.net/sync/ggl?google_gid=CAESEMpN20RJbWj6GgFmKcIjouY&google_cver=1&google_push=AYg5qPJ8vN7Lld5BhP1-tLlOPJLHg8hUiE4oUs67g-Dpqf8MC-QBz4XSB-QQQ2KFiaoHo0u5Mt0mWUavwFDjrPL7pKrLQ6aH2V1e&...
https://ads.avads.net/sync/ggl?google_gid=CAESEMpN20RJbWj6GgFmKcIjouY&google_cver=1&google_push=AYg5qPJ8vN7Lld5BhP1-tLlOPJLHg8hUiE4oUs67g-Dpqf8MC-QBz4XSB-QQQ2KFiaoHo0u5Mt0mWUavwFDjrPL7pKrLQ6aH2V1e
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=NGI3MDk5NjYtM2M3NS00MDhjLTk0N2UtNTE2N2RlZmVmYTY4&google_push=AYg5qPJ8vN7Lld5BhP1-tLlOPJLHg8hUiE4oUs67g-Dpqf8MC-QBz4XSB-QQQ2KFiaoHo0u...

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=NGI3MDk5NjYtM2M3NS00MDhjLTk0N2UtNTE2N2RlZmVmYTY4&google_push=AYg5qPJ8vN7Lld5BhP1-tLlOPJLHg8hUiE4oUs67g-Dpqf8MC-QBz4XSB-QQQ2KFiaoHo0u5Mt0mWUavwFDjrPL7pKrLQ6aH2V1e

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=NGI3MDk5NjYtM2M3NS00MDhjLTk0N2UtNTE2N2RlZmVmYTY4&google_push=AYg5qPJ8vN7Lld5BhP1-tLlOPJLHg8hUiE4oUs67g-Dpqf8MC-QBz4XSB-QQQ2KFiaoHo0u5Mt0mWUavwFDjrPL7pKrLQ6aH2V1e
date: Sat, 09 Oct 2021 11:16:03 GMT
x-envoy-upstream-service-time: 4
server: istio-envoy
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame DD20 0
12 B 31ms
30ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LwhJPpWa5Nk86H3KIQsoM8YN8l0CjKZBtd2D9dfBIe3e14dyehcmNmJ6MLiMvTIBGWNRcOX4k

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 3000 110 KB
38 KB 22ms
21ms Script
text/javascript 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61693036/20210611045033582/728x090.html?e=69&leftOffset=0&topOffset=0&c=WpEtDZxH9t&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61693036/20210611045033582/728x090.html?e=69&leftOffset=0&topOffset=0&c=WpEtDZxH9t&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 06:37:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16703
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Oct 2021 06:37:40 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 3000 60 KB
24 KB 40ms
39ms Script
text/javascript 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61693036/20210611045033582/728x090.html?e=69&leftOffset=0&topOffset=0&c=WpEtDZxH9t&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61693036/20210611045033582/728x090.html?e=69&leftOffset=0&topOffset=0&c=WpEtDZxH9t&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Oct 2021 11:16:03 GMT

GET
H3 200 Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js Show response
pagead2.googlesyndication.com/bg/ Frame 8167 35 KB
13 KB 21ms
20ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

3a9d21d68e1b2c04efe067a4c3cef02c886e221937994810d4f5cb5525545e99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 08:48:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13306
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 09 Oct 2022 08:48:37 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 462E 0
20 B 55ms
55ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211006&jk=1664643238917587&bg=!2tml2Z3NAAbGFvHlxhY7ACkAdvg8WlDQLLC6nXkRnt6xUJ8BxEnFswvkz44-bbxZY4IJn6Lidrl1ZwIAAAFjUgAAAA1oAQcKACjE3LbBy3KpsOdqdsd-KFG1viYrG8eHHpcec3EriTI_JjePiuAEmNtimQLDkbtX4MMjzrvNgcRzQULwRAyqpKfW1DNQpMSgbV8lck9bl-MQ5QtffOAQOcWQ9R_iQWHOoa8hjL_Bj5b5OFhPfJ-ZSv0T1A8AnOKz7zOrXIWyXkvtwiimnsZxrMSNaowCLh6OUeUy1UitwWp8Fi5KNDTlM40sgqIijQGWX_p-KiSQt7dgvCCY-vJzHBO9JDDl2nvbN1Oz6iQI1TbnPPBJPAGOO4nVyq_8veaTvjgMqRx2vx0FkhbB1-1a-1_kYRgWsprySjHhmbL2MqaU5U89AzYqKJsBOzRahIaHdlaxmRW9_pY394N_16VmhQNcPjzuJgHORrbyvliCU7NKqouN_tvWbFIIwHUJXUpD61GrkDOzaDtGpQtAkywmNogfUPs5iCpg_QMl4sFg6EChcCtFwqzztNf4l1f54EKvkTyOefTbiSe_0xetp6_Fm4ulJeFoy_wYLao-8HUebRm2zDQEFF5txzHJjd4HWrmASTpFM3C3rLtFpdjjjIpq0C98FwCwhNGqzJlaLqTuqthVgeM1RGaLPpnYJL7AceynzGRyLzZSLDT_FaIpe9Ezq0kkkyvxrvhDk52EJxWfZ0TU0cL5_TBavSSZg4yRC1JY8cppTdCywStUpfNz3t8lSAaBAkZg70m4QstTbUW7jbAshkK2FuGgE4MDSsF4ZQVd41qBA6manUTLqfr_l37FBYaspb0Xh4iWhT38mbRrXYmvQTGgVQ20FKyulJKP6Wode6V-N6M-fuH6AMjnoR3JGIy5vPcssxJ9HoRrd8mTscQIuVq0HKOHeK7ZVuezSl_GrUJ10I3tk73O8maOHuy51R1JlLgfSwbSQFCltAqfM9S8v2UTgfTPbVbvSYf_o2IdmCidJ8KHLUc4dxDCEGfyAMsX4sL8ueKpZwHnEYlrHocISG41jADErTop8GN7gxj5pX2y4tD2gOI

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 239C 0
20 B 57ms
57ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211006&jk=3654491880084665&bg=!SEulSw_NAAbGFvHlxhY7ACkAdvg8WoHogFqfb0N5sXp99bN0aO2bBQO-AMYPR93x_9CCfeG9VAQ6OwIAAAFeUgAAABBoAQcKAMd-5Zp65QPcHg5tuqQM4p_dQnWtW4q3e4eam_LbNSS5ljy7fGBSf-Cz0BP6aUQqQIvQQK6k3ND3mHg9Z2m0AvDAAcNx2Gpb0Ufvx3pemqCqPuD6S_gM0In0k6TzQq6OnJ3FiSJxD5V-VgLgxDAVroHwWcPJvD3ZEX90ym7rXo411Z5keo2Iq6nhNInogecvriWS3COg7YA3j6fLp3pjdFYHXXSiIs-mY-XU3BmhwuzHPbfqJryeDQXv9Iwzvb_uOMhBSZKV0O8hmQLQnPL-pafTLGWhGaLb_FX0b-uGIn3729HM28LFqYiSKd2pweRn8cZSpqCTcn-43YE_6Z-7f0jaP2P3bIl8N8HgXHWnrXx_0A-QpPSXkYKOEKQz90PPSslQbJ6lfrlJnzawqSLOXWftWFMHBSojVOLEbq7AJjEZ47MHnNl8TP4ZXmmHfHl9NAwFgwDHVuin9qKJ4lLqZ2NFdBzIwAhYPKWHJTGtdQrMWSddXM92p9BZVljjqj04gHxLARAn9hL9bE_7zaYCUxwJDwq9BybjFCsycrKOdiJgS_cCqk98U7aKygrbl9LOj0wA0O1FcdCfsH15-GdxKlcs9uohDIFk8QOlzYyPoBDClAKVr0D_fbK1e_jUpDP2nSqBpB0WkX4qvUnUGT-5N4e2K8gqVO4YzYggATiA1X2NZn5NefEDwiXnT6vF1Hjns31Te4A88dPLDZ1pqzfU37QqwQ3FJShjJ_RIN40YTQLUguGXly3CruSCAmWXHYUxcgW72qeyUlbE6aD3LgJ3xaFWVnGNuucLKRxPElfA5Wxe06QdEb9n_pBcZTaIphjyLra-P1F3Wa7pMtE-XlU6GHJry0Hd7rXYLTyje_yNURqiQIlguAMvN8Opq8hMcGij5o52rTB1Km_dZXXg9a3vBeg46VARW-b0NeX9WpPPgfjJ5U9BQrflpJbFvgaKQ3MnfJoYn3kfWSSA4Mv9qRnhRiLlxZ_tF0ICgP_7bggmtNwPrB6sShgk3Yv2nmDiyKSOJoKBhv1TNhu8k9qYuSAi5MdFlpZajBbkwn6BgTJtBMMgI42pTvJM5oGHXZcuEl_1kRAxnMVpNCwOnRtV94-pgYuXcNoL7A46gFkD2nkQ88ulXV3-mWiv75cek8ykLN1F3zF4aZnmAnbPXiD-ykvK7KNldC1FBPzoYtfO5FAGxlsqLb8ARdIcVOhBY5a_3rr60Wq0U6tn-BbK7W3e

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6092 0
23 B 86ms
58ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 09 Oct 2021 11:16:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 00A4 11 KB
8 KB 37ms
37ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211006&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

d4d32d96f0ebebf00626b1fb3684edb8223280ea20e850a8acf95c6bae8a41f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 09 Oct 2021 11:16:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8442
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3000 6 KB
4 KB 34ms
34ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

76a1b6b69922308748952b7b30611ba69613888f1e036d4a85bca0159e52e6ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 09 Oct 2021 11:16:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4536
x-xss-protection: 0

GET
H3 200 60005582_20210429075504704_728x090_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 3000 25 KB
25 KB 23ms
22ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210429075504704_728x090_LOOK-01.png

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

0aab1878c7638611910cf289234895d55dae2d89977cc4ae0e5d96c5534f0fcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61693036/20210611045033582/728x090.html?e=69&leftOffset=0&topOffset=0&c=WpEtDZxH9t&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 15:13:54 GMT
x-content-type-options: nosniff
age: 72129
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25106
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 14:55:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Oct 2021 15:13:54 GMT

GET
H3 200 60005582_20210429075507695_728x090_LOOK-02.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 3000 25 KB
25 KB 25ms
25ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210429075507695_728x090_LOOK-02.png

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

bd4fbf8e342a1cdf1ecbbe9414c39b60fce43216e8e906c0722f59b6377e1276

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61693036/20210611045033582/728x090.html?e=69&leftOffset=0&topOffset=0&c=WpEtDZxH9t&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 03:59:17 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Apr 2021 14:55:07 GMT
server: sffe
age: 26206
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25204
x-xss-protection: 0
expires: Sun, 10 Oct 2021 03:59:17 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 3000 43 B
609 B 30ms
8ms Image
image/gif 82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=25667676_4307561_303197231_146032381_-0&ref=25667676_4307561_303197231_146032381_-0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 82.113.101.132 Hanau, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 00A4 17 KB
6 KB 31ms
30ms Script
text/javascript 172.217.16.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f129.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 09 Oct 2021 11:16:03 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3000 17 KB
6 KB 24ms
24ms Script
text/javascript 172.217.16.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f129.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 09 Oct 2021 11:16:03 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 5745 12 KB
5 KB 14ms
14ms Document
text/html 172.217.16.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f129.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 09 Oct 2021 11:11:31 GMT
expires: Sun, 09 Oct 2022 11:11:31 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 272
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DB66 783 B
535 B 82ms
33ms Document
text/html 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

GSE /

Resource Hash

ec1454f2bb4a6beaaee0540de119dcbef69e91042c60228f69d7f928cb264865

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GNmtLyX5t6EyvyW3YTIsHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 09 Oct 2021 11:16:03 GMT
date: Sat, 09 Oct 2021 11:16:03 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-GNmtLyX5t6EyvyW3YTIsHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js Show response
pagead2.googlesyndication.com/bg/ Frame E108 35 KB
13 KB 20ms
20ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

3a9d21d68e1b2c04efe067a4c3cef02c886e221937994810d4f5cb5525545e99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 08:48:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13306
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 09 Oct 2022 08:48:37 GMT

GET
H3 200 Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js Show response
pagead2.googlesyndication.com/bg/ Frame 5745 35 KB
13 KB 20ms
20ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

3a9d21d68e1b2c04efe067a4c3cef02c886e221937994810d4f5cb5525545e99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 08:48:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13306
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 09 Oct 2022 08:48:37 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8167 0
20 B 55ms
55ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BVwip83lhYbDQAYvM7_UP5r-GsAoAAAAAOAHgBAI&bg=!1dal1pLNAAbGFvHlxhY7ACkAdvg8Wk-R6wuYYiNUzKi7bPy-XfmN3vy0nrbdllQPhKu0m6hXk7_XNAIAAACaUgAAAAtoAQcKADeiaFOSpdj7Wz77PKUsenYzhvsiP0IjKsnpXnM0gwfE6sMGYuWShU-ZF2CSpvX35aCNLUER6g18mQMBlJFTOi5qmTMrGORHU8FVuXqHUBh5cFIXzUiCV0Cgh3DJtzuewiIt-sIdrhjkHGvOwJMGjGx6frcK8hL2z0A5nmLP3LpuoDpnr3BNzx3vtCdWorx-5yzPp79XL_biFYpRWnV0xwQBTKKEv9_yXZPXYNSKEt3OAZXDaNkgHva8hk4bz6qZNxvIpT1pxzlBCVIVCVK4IvzwfVfijLQUFTuOFUxSpWGcax8ejrqAtNTXLUXxMqEXVl84GLlNxU6JIMl16_Y-P_7YaRu3Ez-bbOCiUC3FvjdDyiAKif68rtTjud-lb1wmHFuHUFJos_01C-Wu8hvr6WkPJpWj2FrRe78NsEt2IQIZ7QnQAqYZ5cQnyaLfeZrjutlfgwJoU0Ez87JOIeP8SgiFCSRjzE6EgNif2TLHt8EzlZKXQQ3yS-iNY41KuVTkrZBZaLt51p81WYtMBuvxQlx6KeUR5f5JolXdd9x9ZQQzYO5YkAFW5lKCRYmW4gI1uX8zy3fii_s2waFCBkJOdBhctVLIed1YYXEsb7OpevXFaqKoisLlPaQ7UnkgvrPc5-pAyVMjEZMVcbjweQUZW38PxFCB2w422SGXj3qOfmYjqf4gGzK45JGoSwh2II2Qh4f9ta3s0TCUbX65BrP5mp1KxVtraW5Wcm2Zh5o83VF8tjmJYl5XO_-z88ELzPqvac1mHVVLi_TU9GfOgMu2RdMqPlw3nlMEPU5ogiXGccx_lvtOfajE6izQkMOm0TTPOkqgG4Jn66TL78VVt9YDcSNSgFYffylHJv5tIYpiLVqtKPXfyyYJtXeZa0OUxxXAFR8l-Qj-mjxosahyjno7J6b-w8N4qs2g43kMgFSf6RnagVISEJL9XzvfTvSEBCQBo_11h-wFcNKWO5SvoYcl2_g-mBWQH_WIlxoHytrKxOqPe8XXmFlHkKHO6uZlrmrgMqLj4LNh3eTOfFmfKhfTfQbgJTrILOetJWEhzjzy9Adr_6Y7Td_0VfvfE1mb65U-Zujs88D5hkN5c74KeQ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK j7ljeqx6jfhz Show response
hal9000.redintelligence.net/zone/ Frame 165F 10 KB
3 KB 42ms
12ms Script
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/j7ljeqx6jfhz?subid=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&rnd=8512998400995185129&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:apn&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8512998400995185129%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: 1c858c2ec4b3b24e4d97d07c098b88ae49da19112bc79e97206b747e070b20fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 2800
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

img
sync.mathtag.com/sync/ Frame 165F
Redirect Chain

https://tags.mathtag.com/notify/img?exch=apn&s_exch=apn&id=5aW95q2jLzIzLyAvTWpCbVlXRTFaR1F0TkRVMFlpMWhZVFZoTFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg1MTI5OTg0MDA5OTUxODUxMjkvNjYyMjM5NS80NTYyMzEyLzEzL2NJUz...
https://sync.mathtag.com/sync/img?sync=auto&source=bidder&mt_lim=1&type=1,2

43 B
398 B

22ms
21ms

Image
image/gif

185.29.134.248
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/sync/img?sync=auto&source=bidder&mt_lim=1&type=1,2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 4033 f73cd20 master cdg-pixel-x28 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: MT3 4033 f73cd20 master cdg-pixel-x28 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 43
Expires: Sat, 09 Oct 2021 11:16:02 GMT

Redirect headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
x-mm-bid-request-time: 1633778161
Last-Modified: Sat, 09 Oct 2021 11:16:01 GMT
Server: MMBD/3.206.3
x-mm-latency: 17 (12)
Content-Type: text/html; charset=utf-8
Location: https://sync.mathtag.com/sync/img?sync=auto&source=bidder&mt_lim=1&type=1,2
x-mm-dbg: Invalid
Cache-Control: no-cache
x-mm-host: cdg-router-x54, cdg-bidder-x138
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 75
Expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 165F 43 B
372 B 93ms
61ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=13&v2=8512998400995185129&v3=651871&v4=4562312&v5=6622395&mt_nsync=1&no_attr=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3984 0e3af3b master cdg-pixel-x2 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x2 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 165F 49 B
330 B 47ms
14ms Image
image/gif 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=apn&bid=8512998400995185129&st=4562312&time=[IMP_ATTR.time]&nodeid=1610
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.206.3 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: MMBD/3.206.3
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x90, cdg-bidder-x138
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Sat, 09 Oct 2021 11:16:02 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/217/ Frame 165F 85 KB
29 KB 30ms
6ms Script
application/x-javascript 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/217/trk.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d450cb09bfdfb2712a08158c7afd6863c616dadfb632023199c75b75782c23d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:03 GMT
Content-Encoding: gzip
Age: 959944
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 29380
X-Served-By: cache-lga21949-LGA, cache-hhn4032-HHN
Access-Control-Allow-Origin: *, *
Last-Modified: Tue, 28 Sep 2021 08:36:54 GMT
Server: AkamaiNetStorage
X-Timer: S1633778164.849496,VS0,VE0
ETag: "68277f83cbab253ca48962032df81624:1632818214.66988"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Wed, 28 Sep 2022 08:36:59 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 1, 732443

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 165F 0
806 B 29ms
7ms Image
text/html 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fsecurityaffairs.co%252Fwordpress%252F123136%252Fmalware%252Fcox-media-group-ransomware.html&e=wqT_3QKhC_BMoQUAAAMA1gAFAQjx84WLBhDs3ujR94GdunUYzOLMx4_247VNKjYJN1K2SNqNxD8RSqkHqTSSvz8ZAAAA4KNw8T8hSqkHqTSSvz8pN1IJJNAxAAAAgD0Kxz8wrKbuCTj-TUAdSAhQltqohgFYg51sYABo8NeqAXizygWAAQGKAQNVU0SSAQEG8HmYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCx4oC4ALiqUvqAlNodHRwczovL3NlY3VyaXR5YWZmYWlycy5jby93b3JkcHJlc3MvMTIzMTM2L21hbHdhcmUvY294LW1lZGlhLWdyb3VwLXJhbnNvbQEb8EkuaHRtbIADAIgDAZADAJgDF6ADAaoDpwYK3gVodHRwOi8vdGFncy5tYXRodGFnLmNvbS9ub3RpZnkvaW1nP2V4Y2g9YXBuJnNfZREL8EZpZD01YVc5NXEyakx6SXpMeUF2VFdwQ2JWbFhSVEZhUjFGMFRrUlZNRmxwTVdoWlZGWm9URlJCZDAxRVFYUk5SRUYzVFVSQgkQBGROARDwyUx6ZzFNVEk1T1RnME1EQTVPVFV4T0RVeE1qa3ZOall5TWpNNU5TODBOVFl5TXpFeUx6RXpMMk5KVXpWak5tRnZaaTEwVXkxUlZHVkJWbUZpVlZkdlZreHVWM0JXTlRKTE0yRlRSMmg0VGxvdGJYY3ZNUzh4TXk4d0x6QXZPVFUyT0RBekx6TTJNekkwT1RJME5qSXZNakUyTlRNMkx6WTFNVGczTVM4eEx6QXZNQzlOUkVGM1RVUkJkMDFFUVhSTlJFRjNUVU13ZDAB5AhkTVYRIABFBRAF5ABUFfQMY3ZNQwl8CQhm_ADwvFlXMXpMekF2TVRBMU55ODFOUzg1T1Rrdk16SXlMekl4Tmk0eE16RXVNVEV4TGpBdk1DNHdNREF2TVRZek16YzNPREUyTVM4eE5qTXpOemt3TnpZeEx6RXpMems1T0RJdi9Yei1HbHRUNjJWNHJzSDZQLU5FYVVLQmg2a2cmbm9kZWlkPTE2MTAmZ3JvdXA9Y2RnJmF1Y3Rpb25pZD04NTEyOTk4NDAwOTk1MTg1MTI5JnNoYXJka2V5PTg1MUIdAPB9cHJpY2U9JHtBVUNUSU9OX1BSSUNFfSZuZnlfYWN0PUxENXdmM1UmYmZpcD0xODUuMjkuMTMyLjk4JnNpZD00NTYyMzEyJmNpZD02NjIyMzk1JnNyYz1hcGkmdHlwZT1idXJsJmNsaWVudD1zMnMSEzg1MTI5OTg0MDA5OTUxBaGwGhM4NDYzNTE3MjA5NTU5OTY5NjQ0IgkyODE2ODUyNzAqBjEwMTkzNjoHNjYyAWPwZcADrALIAwDYA_PfwgHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQPMjE2LjEzMS4xMTEuMTc0qAQAsgQOCAAQARisAiD6ATAAOAK4BADABADIBADaBAIIAeAEAfAEloFFWIgFAZgFAKAFrYiWgNvklNd9wAUAyQUABQEU8D_SBQkJBQt8AAAA2AUB4AUB8AX5yyH6BQQIABAAkAYAmAYAuAYAwQYBITQAAPA_0Ab5qwHaBhYKEAkSGQGAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcGNjUxODcxugcPAVJIGAAgADAAOL0GQADIB7PKBdIHDRWAAUEI2gcGCSc84AcA6gcCCADwB4fjAvoHEhUmABERcgSCCEoVAA..&s=2c48064669933088940b0b1fa4cfc462a3963915

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 7600fe35-2f70-4ed9-9ce3-4d192bac961f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 91ms
91ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 11 Oct 2021 11:16:03 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DB66 0
0 72ms
72ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211006&jk=824065045266497&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 93ms
93ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 11 Oct 2021 11:16:03 GMT

GET
H2 200 320x50.png
cdn.pixfuture.com/banners/ Frame D5FD 20 KB
21 KB 27ms
27ms Image
image/png 172.67.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.pixfuture.com/banners/320x50.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.70.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f83d6d161d5d98ac0a6305e882cbf211c330178f30bac4095f967b5475c0e92

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 60046
content-length: 20836
last-modified: Tue, 02 Feb 2021 21:40:24 GMT
server: cloudflare
etag: "6019c6c8-5164"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wiz6CD%2FcOhJWjCEqQJuSZRrDKVJJI6cVP6qNIiDfvpNYRfAjxTmkk%2BNppkiZBmPjD6lbjQ8Jori69DHzcYEOSMuc9y%2By9%2FC1wBffK66GLfDOHGcxz7yFCFg8WFQMGDcamsD0"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2678400, no-transform
accept-ranges: bytes
cf-ray: 69b731d44dc83b43-CDG
expires: Sun, 10 Oct 2021 18:31:28 GMT

GET
H/1.1

200
OK

request.php Show response
hal900014.redintelligence.net/ Frame 165F
Redirect Chain

https://hal900014.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=689ff1ad6d&subid=&uid=cbe92eb6d0a4c440&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900014.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=689ff1ad6d&subid=&uid=cbe92eb6d0a4c440&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

134ms
111ms

Script
application/x-javascript

176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=689ff1ad6d&subid=&uid=cbe92eb6d0a4c440&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aapn&envData=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&ud=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8512998400995185129%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=7691552050377&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: b57ec732286261601e9f930718c80d6375bc246cbb9e7d5590123f0c03767c63

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 58020000051987000951425011742014
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1301
Expires: Sat, 09 Oct 2021 12:16:03 +0200

Redirect headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=689ff1ad6d&subid=&uid=cbe92eb6d0a4c440&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aapn&envData=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&ud=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8512998400995185129%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=7691552050377&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Sat, 09 Oct 2021 12:16:03 +0200

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 00A4 0
20 B 56ms
56ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211006&jk=824065045266497&bg=!QUKlQgbNAAbGFvHlxhY7ACkAdvg8WtnUA4A5tMfmCuhCLIqlPQbuhfT3LiD7D4sp_vMjUAUwQhLXuwIAAAChUgAAAApoAQcKAHnwMNg8GOkiZSy6RL7DQGEzXG0akWew0cuwEVaafPcQ8w27rnJaMjGmSQ14QSEvPjVxL5riCqvOPlpfmylJLaLDIIlZlSk32W2qtMKt0XtJPn-K72aP5S18ZgXp8uUfJn87GqqDFO8cUQazcFTy-CvCr9Z9ndbNroitmQLQ2g9tvjaoy4REy02xUMkVPmmAcGJP0FYn_M9lMFSrlgVshdDb2lCdoqEB5xQ9cCP8XVGTl7Q4Idy8fp7-bSNqjDnStyVUt9CrYt6gAMVwA9jrzOkVU12y0XQo4AjVwhD8gEIWnJ1iOD9ib8rsB1_0MeJa0865LVd7h018EQqm7QdfNsUIJqe0JcunSLD3lmuenqUuHmfrLMrj32qpikAr9nSC1yLheyjk8IRwC9st5eApiVnQrkx9W_s2eOqfz0E55yt-77ZnjbWsZOy-HQudwUCA82vJoNp4e589U32RhOj2yqGRi4gWSodWifIauruG-sSMwcKx9iigxAjn_HYe9pSB9EzukcW_smxygDpz2S6MQBD9kQnzTg1RbfFsE3jvjLgycag4RDs6Sg1VVUbmYoxP-PFo_p9ISd52ei0vdq-YsRqhQFEy1r3dQiLHZribKzJtoI6ES3ORXbAKR3oZz-gLjuPj9N2eDOjRcmP8uP1bLQ7FN7134vyBG4Xh8qN4SpPqt2tfmzxOizccxXHvC7gXwCXNmSNlvyvydS2Njpw0Gr7LvTkwU7gncm-d7KxwrMUZolTEztyEvvi-cOJj5GELcLYnWxfJj7xuGqMEJq9CgJRtvuJbsvxxDENtfvG7kwkrZD1Rog3JmN5Zu10CqqLzs0T5EbhKTzS95WaWwoNQwDTaOHIzeNmGMPnkXMihaAXvkQ6NOMgGrIsr3MWP1LG-SKPrxgQtzVmvkQcxEpvpIK0xBhV3wqCfEha0k6eK4fUpWtFj0SEcMk5bTw3WxVJ8emSpApJLSsdIoxOUNuVlC8Nc_kzn78z0nbqalI7_BE4tF2-U0558rq_a8LRktMEmxhYoNPtVsgLvtLwxfRk2VNH5ygps0txUZtNm8Dag46T6j_LZZ1XUCTwCJK66_offF4FWFrA_FgVsoU0R-1nnDV_GE270hUSnKlHkKMcd

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame D870 0
580 B 7ms
7ms Script
text/html 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: cce11048-e1ac-4a23-a31b-6d5462120f13
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame BA9E 0
580 B 7ms
7ms Script
text/html 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: db3ac702-caab-4b6e-8077-52735f89dc3f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 0337 0
580 B 7ms
6ms Script
text/html 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 643209a5-7011-433c-8ff9-585430460112
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 9DC1 0
580 B 7ms
6ms Script
text/html 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:03 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: e6754ffa-d0b4-488d-8cf7-1cc1f93040d0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 185B
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=58020000051987000951425011742014&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=58020000051987000951425011742014&actionid=731824&produktid=businessgiro&dt_url=

0
629 B

74ms
39ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=58020000051987000951425011742014&actionid=731824&produktid=businessgiro&dt_url=

Requested by

Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=689ff1ad6d&subid=&uid=cbe92eb6d0a4c440&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aapn&envData=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&ud=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8512998400995185129%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=7691552050377&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Schwaig, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: pb.media01.eu
:scheme: https
:path: /view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=58020000051987000951425011742014&actionid=731824&produktid=businessgiro&dt_url=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat, 09 Oct 2021 01:16:05 GMT
server: Microsoft-IIS/10.0
set-cookie: ASP.NET_SessionId=fgyzkpev321h2aquhdqunefw; path=/; secure; HttpOnly; SameSite=None DTU=78C91970356CE73F476A9903B5479E79; expires=Mon, 09-Oct-2023 11:16:05 GMT; path=/; SameSite=None; secure; HttpOnly; SameSite=None
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sat, 09 Oct 2021 11:16:05 GMT
content-length: 0

Redirect headers

Server: nginx/1.19.7
Date: Sat, 09 Oct 2021 11:16:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Powered-By: PHP/7.2.34
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Access-Control-Allow-Credentials: true
Set-Cookie: trscj=MTYzMzc3ODE2NXxMM1J5WTJzdlpYQjJMMlU1T1dGaFkyVTVOR1UyWlRVNE56TTRNekJoTjJSbU9HUmxaR0UwWVdFMlAzTjFZbWxrUFRVNE1ESXdNREF3TURVeE9UZzNNREF3T1RVeE5ESTFNREV4TnpReU1ERTBKblE5YUhSc2NBPT18YUhSMGNITTZMeTl6WldOMWNtbDBlV0ZtWm1GcGNuTXVZMjh2; expires=Sun, 09-Oct-2022 11:16:05 GMT; Max-Age=31536000; path=/; samesite=none; domain=.medialead.de; secure SERVERID177589=2|YWF5+|YWF5+; path=/; HttpOnly
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=58020000051987000951425011742014&actionid=731824&produktid=businessgiro&dt_url=
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload max-age=15768000
X-IPLB-Request-ID: D8836FAE:98BC_91EFC182:01BB_616179F4_101D9A17:396C
X-IPLB-Instance: 40027
Cache-control: private

GET
H2 200 / Show response
adv.office-partner.de/ Frame 5627 930 B
1 KB 35ms
6ms Document
text/html 185.172.148.128
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=689ff1ad6d&subid=&uid=cbe92eb6d0a4c440&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aapn&envData=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&ud=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8512998400995185129%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=7691552050377&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.172.148.128 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

:method: GET
:authority: adv.office-partner.de
:scheme: https
:path: /?utm_source=webgains&utm_campaign=webgains
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: keycdn-engine
date: Sat, 09 Oct 2021 11:16:04 GMT
content-type: text/html
content-length: 930
last-modified: Thu, 06 May 2021 15:37:28 GMT
etag: "3a2-5c1ab16ba8ac4"
expires: Sat, 16 Oct 2021 11:16:04 GMT
cache-control: max-age=604800
link: <http://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
x-cache: HIT
x-edge-location: defr
access-control-allow-origin: *
accept-ranges: bytes

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 165F 1 KB
2 KB 223ms
99ms Script
text/html 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=58020000051987000951425011742014&nw=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 3a38ec59e7ce9bd3f11ef46d0723a20e5c047a967e205b26e766216269fc9f81

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:04 GMT
Last-Modified: Sat, 09 Oct 2021 11:16:04 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 1233
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 165F 1 KB
2 KB 228ms
105ms Script
text/html 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3392365&wgcampaignid=99582&js=1&nw=1&viewref=58020000051987000951425011742014
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 95f8f6a9b70c7e1ab7bfc32df523a49ef9fa2a5f84ede9371195f64a5e32ba2b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:04 GMT
Last-Modified: Sat, 09 Oct 2021 11:16:04 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 1239
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

activityi;dc_pre=CLLv9_iZvfMCFQ2IUQodBDEGzQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4456980229706.606 Show response
5994599.fls.doubleclick.net/ Frame A29F
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4456980229706.606?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLLv9_iZvfMCFQ2IUQodBDEGzQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4456980229706.606?

391 B
346 B

74ms
43ms

Document
text/html

142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CLLv9_iZvfMCFQ2IUQodBDEGzQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4456980229706.606?

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

b61de45de6cbc24151e862978598ae46b163d8ad939073f0fe1eb14912d5eba8

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5994599.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CLLv9_iZvfMCFQ2IUQodBDEGzQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4456980229706.606?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnvNDi8pOBDnvFZXHgvXGGNB6-J9zEmeimt1bkykhqjXatjopfOLc8JFQrabb8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 09 Oct 2021 11:16:04 GMT
expires: Sat, 09 Oct 2021 11:16:04 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 323
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 09 Oct 2021 11:16:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLLv9_iZvfMCFQ2IUQodBDEGzQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4456980229706.606?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900014.redintelligence.net/ Frame C02C 7 KB
2 KB 34ms
12ms Document
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/request_content.php?s=58020000051987000951425011742014&a=5114acf7
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request.php?zone=j7ljeqx6jfhz&nw=20&renderingType=javascript&namespace=689ff1ad6d&subid=&uid=cbe92eb6d0a4c440&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aapn&envData=&gdpr=%5BBID_ATTR.gdpr_flag%5D&gdpr_consent=%5BBID_ATTR.gdpr_str%5D&ud=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D8512998400995185129%26mt_id%3D6622395%26mt_adid%3D216536%26redirect%3D&documentReferer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&ancestorOrigins=https%3A%2F%2Fsecurityaffairs.co&random=7691552050377&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: 8bf3d20138e6b613ef5e35e46ea06dba1d59d1bd5f96bf48990af39c46d0d842

Request headers

Host: hal900014.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: 8lcfmzhxc8d6_uid=1473ae595da85326
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Date: Sat, 09 Oct 2021 11:16:04 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 09 Oct 2021 12:16:04 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2062
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 165F
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=58020000051987000951425011742014
https://ad-server.eu/wm/pb/native.png

68 B
312 B

167ms
31ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:19:45 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Sat, 09 Oct 2021 11:16:05 GMT
Server: nginx/1.19.7
X-IPLB-Request-ID: D8836FAE:98BA_91EFC182:01BB_616179F4_101C8869:396D
X-Powered-By: PHP/7.2.34
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: https://ad-server.eu/wm/pb/native.png
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 2F43 52 KB
17 KB 8ms
7ms Document
text/html 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9982&pub_id=1433950
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/
Accept-Encoding: gzip, deflate, br
Cookie: anj=dTM7k!M4/8CxrEQF']wIg2In9L4x0>!@wnf-Te9(>wL5L!!'RC$g4pu; icu=ChgI3sJXEAoYASABKAEw8fOFiwY4AUABSAEQ8fOFiwYYAA..; uuid2=361885755173608966
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Sun, 10 Oct 2021 11:16:06 GMT
Date: Sat, 09 Oct 2021 11:16:04 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 165F 0
806 B 7ms
7ms Script
text/html 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&e=wqT_3QLZE_BM2QkAAAMA1gAFAQjx84WLBhDs3ujR94GdunUYzOLMx4_247VNKjYJN1K2SNqNxD8RSqkHqTSSvz8ZAAAA4KNw8T8hSqkHqTSSvz8pN1IJJNAxAAAAgD0Kxz8wrKbuCTj-TUAdSAhQltqohgFYg51sYABo8NeqAXizygWAAQGKAQNVU0SSAQEG8HmYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCx4oC4ALiqUvqAlNodHRwczovL3NlY3VyaXR5YWZmYWlycy5jby93b3JkcHJlc3MvMTIzMTM2L21hbHdhcmUvY294LW1lZGlhLWdyb3VwLXJhbnNvbQEboC5odG1s8gKwAQoaW1VORU5DT0RFRF9DTElDS19SRURJUkVDVF0SkQFoDXbAcGl4ZWwubWF0aHRhZy5jb20vY2xpY2svaW1nP210X2FpZD04NTEyOTk4NDAwOTk1MQUONCZtdF9pZD02NjIyMzk1AQ4oYWRpZD0yMTY1MzYBDyhzaWQ9NDU2MjMxMgEPGGV4aWQ9MTMBCxhpbmFwcD0wAQvAb3M9JnJlZGlyZWN0PfICGQoUW0JJRF9BVFRSLmdkcHJfZmxhZ10SATDyAh4KFFtBRAkbMGFkdmVydGlzZXJdEgYJcxDyAhcKEzo9ACxzdHJdEgDyAh0KElsROyxjcmVhdGl2ZV0SBzYJvBDyAigKERk6IGJpZF9pZF0SEwXnADky9QAI8gIaLmUAgGV4Y2hhbmdlXRIDYXBu8gImCg9bUkFORE9NX05VTUJFUl5GAIiDCgoSW05PVElGSUNBVElPTl9VUkldEuwJPGltZyBzcmM9aC2dDHRhZ3MynAEUbm90aWZ5JZ0Bfxg9YXBuJnNfFQvwRmlkPTVhVzk1cTJqTHpJekx5QXZUV3BDYlZsWFJURmFSMUYwVGtSVk1GbHBNV2haVkZab1RGUkJkMDFFUVhSTlJFRjNUVVJCCRAEZE4BEPDJTHpnMU1USTVPVGcwTURBNU9UVXhPRFV4TWprdk5qWXlNak01TlM4ME5UWXlNekV5THpFekwyTkpVelZqTm1GdlppMTBVeTFSVkdWQlZtRmlWVlZTYlVoZlVubEtkR0ZGVFVKMWEzazVTbTF6TlZrdk1TOHhNeTh3THpBdk9UVTJPREF6THpNMk16STBPVEkwTmpJdk1qRTJOVE0yTHpZMU1UZzNNUzh4THpBdk1DOU5SRUYzVFVSQmQwMUVRWFJOUkVGM1RVTXdkMAHkCGRNVhEgAEUFEAXkAFQV9Axjdk1DCXwJCGb8APCaWVcxekx6QXZNVEExTnk4MU5TODVPVGt2TXpJeUx6SXhOaTR4TXpFdU1URXhMakF2TUM0d01EQXZNVFl6TXpjM09ERTJNUzh4TmpNek56a3dOell4THpFekx6azVPREl2L2x1cFgzaXJTbVAyM2JoM0QwZ2NtS25BVXZtOCZub2RlaWQ9MTYxMCZncm91cD1jZGcmYXVjdGlvbmlWsgMoc2hhcmRrZXk9ODVGzwMurwMAY33Z8JVicD1hX2JnYWZoaiZuZnlfYWN0PUxENXdldyZiZmlwPTE4NS4yOS4xMzIuOTgmdHlwZT1pbXAmY2xpZW50PWMycyB3aWR0aD0xIGhlaWdodD0xPlx4M0NkaXYgd2lkdGg9JzEnIGhlaWdodD0nMScgc3R5bGU9J2Rpc3BsYXk6bm9uZTsgb3ZlcmZsb3c6aGlkZGVuJz4BQ2UrAHQFLjRsZWZ0Oi0xMHB4O3RvcA0KECBwb3NpIQ8kOmFic29sdXRlJ2VbBCdobVwAcEL5BBBldmVudGVcid4YMTM2ODg3NYGqkd4UNzY0JnYxgcoEdjJSSQEsdjM9NjUxODcxJnY0tQEEdjUuKgVEbnN5bmM9MSZub19hdHRyPTEnLSUAJzYMAQQvPlLoAAA5EecBCYLmAEJCBBnlAHQhrihtbUltcFRyYWNrJpVGAGJa9AUEc3QV0ih0aW1lPVtJTVBfQaGtAQ8IXSZuWZZy0wDw7S9kaXY-gAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD89_CAeADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA8yMTYuMTMxLjExMS4xNzSoBACyBA4IABABGKwCIPoBMAA4ArgEAMAEAMgEANoEAggB4AQB8ASW2qiGAYgFAZgFAKAFrYiWgNvklNd9wAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAeoFWQoJbXlLZXl3b3JkEkxjb3gsbWVkaWEsZ3JvdXAsdG9vayxkb3duLGJyb2FkY2FzdHMsYWZ0ZXIscmHxmRwsYXR0YWNrc-3mBCxh6edA6gVeCg5teU90aGVyS2V5d2_-YQA-YQBY8AX5yyH6BQQIABAAkAYAmAYAuAYAwQYJ4CzwP9AG-asB2gYWChAJEhkBXBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHBkngCLoHDwFSTBgAIAAwADi9BkAAyAezygXSBw0JEUMBQQjaBwYJJzzgBwDqBwIIAPAHh-MC-gcSFSYAEREvBIIIShUA&s=8b68952b5f12646744591c43cc8326bef22b5d31&bdref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html,https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:04 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: ac088196-3aeb-459d-bb22-61f78f48e131
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 165F 0
831 B 7ms
6ms Ping
text/html 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&e=wqT_3QKhC_BMoQUAAAMA1gAFAQjx84WLBhDs3ujR94GdunUYzOLMx4_247VNKjYJN1K2SNqNxD8RSqkHqTSSvz8ZAAAA4KNw8T8hSqkHqTSSvz8pN1IJJNAxAAAAgD0Kxz8wrKbuCTj-TUAdSAhQltqohgFYg51sYABo8NeqAXizygWAAQGKAQNVU0SSAQEG8HmYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCx4oC4ALiqUvqAlNodHRwczovL3NlY3VyaXR5YWZmYWlycy5jby93b3JkcHJlc3MvMTIzMTM2L21hbHdhcmUvY294LW1lZGlhLWdyb3VwLXJhbnNvbQEb8EkuaHRtbIADAIgDAZADAJgDF6ADAaoDpwYK3gVodHRwOi8vdGFncy5tYXRodGFnLmNvbS9ub3RpZnkvaW1nP2V4Y2g9YXBuJnNfZREL8EZpZD01YVc5NXEyakx6SXpMeUF2VFdwQ2JWbFhSVEZhUjFGMFRrUlZNRmxwTVdoWlZGWm9URlJCZDAxRVFYUk5SRUYzVFVSQgkQBGROARDwyUx6ZzFNVEk1T1RnME1EQTVPVFV4T0RVeE1qa3ZOall5TWpNNU5TODBOVFl5TXpFeUx6RXpMMk5KVXpWak5tRnZaaTEwVXkxUlZHVkJWbUZpVlZkdlZreHVWM0JXTlRKTE0yRlRSMmg0VGxvdGJYY3ZNUzh4TXk4d0x6QXZPVFUyT0RBekx6TTJNekkwT1RJME5qSXZNakUyTlRNMkx6WTFNVGczTVM4eEx6QXZNQzlOUkVGM1RVUkJkMDFFUVhSTlJFRjNUVU13ZDAB5AhkTVYRIABFBRAF5ABUFfQMY3ZNQwl8CQhm_ADwvFlXMXpMekF2TVRBMU55ODFOUzg1T1Rrdk16SXlMekl4Tmk0eE16RXVNVEV4TGpBdk1DNHdNREF2TVRZek16YzNPREUyTVM4eE5qTXpOemt3TnpZeEx6RXpMems1T0RJdi9Yei1HbHRUNjJWNHJzSDZQLU5FYVVLQmg2a2cmbm9kZWlkPTE2MTAmZ3JvdXA9Y2RnJmF1Y3Rpb25pZD04NTEyOTk4NDAwOTk1MTg1MTI5JnNoYXJka2V5PTg1MUIdAPB9cHJpY2U9JHtBVUNUSU9OX1BSSUNFfSZuZnlfYWN0PUxENXdmM1UmYmZpcD0xODUuMjkuMTMyLjk4JnNpZD00NTYyMzEyJmNpZD02NjIyMzk1JnNyYz1hcGkmdHlwZT1idXJsJmNsaWVudD1zMnMSEzg1MTI5OTg0MDA5OTUxBaGwGhM4NDYzNTE3MjA5NTU5OTY5NjQ0IgkyODE2ODUyNzAqBjEwMTkzNjoHNjYyAWPwZcADrALIAwDYA_PfwgHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQPMjE2LjEzMS4xMTEuMTc0qAQAsgQOCAAQARisAiD6ATAAOAK4BADABADIBADaBAIIAeAEAfAEloFFWIgFAZgFAKAFrYiWgNvklNd9wAUAyQUABQEU8D_SBQkJBQt8AAAA2AUB4AUB8AX5yyH6BQQIABAAkAYAmAYAuAYAwQYBITQAAPA_0Ab5qwHaBhYKEAkSGQGAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcGNjUxODcxugcPAVJIGAAgADAAOL0GQADIB7PKBdIHDRWAAUEI2gcGCSc84AcA6gcCCADwB4fjAvoHEhUmABERcgSCCEoVAA..&s=2c48064669933088940b0b1fa4cfc462a3963915&type=nv&nvt=5&jm=1003&px=320&py=2414&bw=300&bh=250&sid=3069374091331342387&vd=ct~0|rr~0&sv=217&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=20681516&sw=1600&sh=1200&pw=1600&ph=3975&ww=1600&wh=1200&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/217/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:04 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 15eb594a-0b84-48ae-b4ed-5e169b1e0e53
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 2F43 0
580 B 7ms
7ms Script
text/html 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=9982&pub_id=1433950&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9982&pub_id=1433950

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:04 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 126c738c-c5e4-414e-b568-07dc0f61ef01
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 5627 86 KB
33 KB 63ms
32ms Script
application/javascript 142.250.74.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

87ea580232055d9097bbac3e089f2aa1204dd91298463de05ca2882986f360e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:04 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34268
x-xss-protection: 0
last-modified: Sat, 09 Oct 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 09 Oct 2021 11:16:04 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C02C 4 KB
1 KB 60ms
22ms Stylesheet
text/css 172.217.18.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=58020000051987000951425011742014&a=5114acf7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f106.1e100.net

Software

ESF /

Resource Hash

932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 09 Oct 2021 10:17:03 GMT
server: ESF
date: Sat, 09 Oct 2021 11:16:04 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sat, 09 Oct 2021 11:16:04 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C02C 15 KB
15 KB 36ms
12ms Image
image/png 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/laptop_1200x627.jpg
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=58020000051987000951425011742014&a=5114acf7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: 7cf838864bfdfad2eeaa59beb7584834664de53ce9ef35bd36a259cf74d4eedb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:04 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 15250
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C02C 16 KB
16 KB 35ms
12ms Image
image/png 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=58020000051987000951425011742014&a=5114acf7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: f095f42b00697425df415c2906f4868b77accfdf281be1811058b2d8e9c87536

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:04 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16531
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C02C 15 KB
15 KB 36ms
13ms Image
image/png 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/52113/creativesup/paninishop-fussball-1200x627.jpg
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=58020000051987000951425011742014&a=5114acf7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: 2a951a0ee150ef0e409195fe3630ba0b62c86c9f25ee272ac59c8a74191a7b7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:04 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 15289
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal900014.redintelligence.net/ Frame C02C 0
150 B 36ms
14ms Script
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/viewability?s=58020000051987000951425011742014&a=21e5e093&vb=m
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=58020000051987000951425011742014&a=5114acf7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/request_content.php?s=58020000051987000951425011742014&a=5114acf7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 09 Oct 2021 11:16:04 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame C02C 16 KB
16 KB 70ms
21ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900014.redintelligence.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 01:22:16 GMT
x-content-type-options: nosniff
age: 381228
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15948
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:32 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Oct 2022 01:22:16 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame C02C 16 KB
16 KB 88ms
39ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900014.redintelligence.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 01:22:16 GMT
x-content-type-options: nosniff
age: 381228
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Oct 2022 01:22:16 GMT

GET
H3 200 dc_pre=CLLv9_iZvfMCFQ2IUQodBDEGzQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4456980229706.606
adservice.google.com/ddm/fls/z/ Frame A29F 42 B
63 B 55ms
55ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLLv9_iZvfMCFQ2IUQodBDEGzQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4456980229706.606

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLLv9_iZvfMCFQ2IUQodBDEGzQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4456980229706.606?

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 165F 51 KB
51 KB 44ms
8ms Script
application/javascript 13.225.87.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=58020000051987000951425011742014&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-68.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: ESJ1m.JcTMC7xiA46tdzcog3eD2HGNO9
via: 1.1 882f747f39885162595630c95dd0012d.cloudfront.net (CloudFront)
last-modified: Mon, 13 Sep 2021 10:14:21 GMT
server: AmazonS3
age: 21114
etag: "ec0ced40cbb5211db06b8a36f209e442"
x-edge-origin-shield-skipped: 0
content-type: application/javascript
date: Sat, 09 Oct 2021 05:24:11 GMT
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 51794
x-amz-cf-id: NQpcUoe-SzJMfxsmxWy3t4CUJNbfpJRbOeBU_Ye2PvGeVNEvc2VjzA==

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 165F 3 KB
3 KB 87ms
32ms Image
image/png 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=60622200068240300710616011742003&wglinkid=2513145
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:04 GMT
Last-Modified: Sat, 09 Oct 2021 11:16:04 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Content-Length: 2808
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 165F 160 B
618 B 87ms
32ms Image
image/jpeg 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=71241500053310101051022011742020&wglinkid=3392365
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 6b71d2bd27010cbb01e505314423d9c903230bf4182019eb1ca8016bd2b624a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:04 GMT
Last-Modified: Sat, 09 Oct 2021 11:16:04 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/jpeg
Content-Length: 160
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6092 42 B
64 B 63ms
62ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvloTd-Xqwm9W517Gm7LL-m5tA8XOpZ5tIiUE8Oy-iD-RDnRLk7gIprSBneq8j_y6nLMEBSDBPZfL01ghRSW2hTJymUrM6oQ_-iqOX93YA7E9nB_Mt2LA&sai=AMfl-YTaJ7F-rMj2SnZw2pybAxH2yZQyCDCSYMaV5tbGtIaUnmgniQYJ6hMneIk5b36Y0_XNFbCsvvR5V70ytX4XKemiBaHA55253V9_zoa-OaNXNqy45sl1XuSj5JQU&sig=Cg0ArKJSzJ3zFJZQNR4PEAE&cid=CAASEuRoMWyizej-9YF-zPo157sYgA&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20211006&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1194620937&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1633778162526&rpt=855&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Oct 2021 11:16:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame E8BE 0
128 B 19ms
18ms Script
text/plain 185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158127&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:16:04 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 2F43 0
580 B 7ms
6ms Script
text/html 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=9982&pub_id=1433950&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9982&pub_id=1433950

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 Oct 2021 11:16:05 GMT
X-Proxy-Origin: 216.131.111.174; 216.131.111.174; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: a518e444-9a0e-4c90-8928-fc6627e8ccd7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 165F 16 B
232 B 85ms
85ms Fetch
application/json 52.215.101.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.215.101.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-101-139.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.21

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 09 Oct 2021 11:16:05 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.21
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 100ms
29ms Preflight 52.215.101.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 52.215.101.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-101-139.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 09 Oct 2021 11:16:05 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 165F 16 B
232 B 84ms
83ms Fetch
application/json 52.215.101.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.215.101.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-101-139.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.21

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 09 Oct 2021 11:16:05 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.21
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 86ms
28ms Preflight 52.215.101.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 52.215.101.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-101-139.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 09 Oct 2021 11:16:05 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=4e9fb397a60a1f94ccb51524dee6bbf2

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=4e9fb397a60a1f94ccb51524dee6bbf2

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA

Verdicts & Comments Add Verdict or Comment

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

114 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.media.net/	1970-01-20 02:16:02	Name: gdpr_status Value: 1
securityaffairs.co/	1970-01-19 21:49:39	Name: session_depth Value: securityaffairs.co%3D1%7C816788371%3D2%7C184323154%3D1%7C647633027%3D1
.securityaffairs.co/	1970-01-20 15:20:50	Name: _ga Value: GA1.2.1856466030.1633778161
.securityaffairs.co/	1970-01-19 21:51:04	Name: _gid Value: GA1.2.1899131108.1633778161
.securityaffairs.co/	1970-01-19 21:49:38	Name: _gat_gtag_UA_59069958_1 Value: 1
.securityaffairs.co/	1970-01-19 21:49:38	Name: _gat Value: 1
securityaffairs.co/	1970-01-20 06:35:14	Name: cookielawinfo-checkbox-necessary Value: yes
securityaffairs.co/	1970-01-20 06:35:14	Name: cookielawinfo-checkbox-non-necessary Value: yes
securityaffairs.co/	1970-01-19 22:32:50	Name: _pbjs_userid_consent_data Value: 3524755945110770
securityaffairs.co/	1970-01-19 21:49:41	Name: _lr_retry_request Value: true
securityaffairs.co/	1970-01-19 22:32:50	Name: _lr_env_src_ats Value: false
.adnxs.com/	1970-01-19 23:59:14	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2In9L4x0>!@wnf-Te9(>wL5L!!'RC$g4pu
.openx.net/	1970-01-20 06:35:14	Name: i Value: 42ee46b4-a353-4941-86cb-eb97c0e98720\|1633778161
securityaffairs.co/	1970-01-20 07:11:14	Name: cto_bidid Value: HMJ9Vl9BaGpMUkR6czRsclMlMkZqQXRFSFpFS01pUnBheXZRMG5JakNJdTJiMm1oJTJCZzdSc3hFSXMzQ2ZuaUtQcFhKb0hoYlhjd3FycUxkYUl1cXNqTjJEbDZ6RkElM0QlM0Q
securityaffairs.co/	1970-01-20 07:11:14	Name: cto_bundle Value: ZJv6WF9ITUQ4eXZ4JTJCOTN1YSUyRmRrc0psMnY5RGIwSm8zdVpZT1RnbTVCUWslMkJaV0RaUHNWVTRTTFNRUm1VVDBOJTJGUDklMkZmbjhPUVhkb0ZCWXd6ZlhxVFV1ZDhFZFZhdHF2MW14RzJBYlZVdmdXMGpWaFJjYTc4dHU2SFk3bURsRGtpcTlMazE
.adsrvr.org/	1970-01-20 06:35:14	Name: TDID Value: 82274d85-387b-48ad-b835-767006364a0c
securityaffairs.co/	1970-01-19 23:16:02	Name: pbjs-unifiedid Value: %7B%22TDID%22%3A%2282274d85-387b-48ad-b835-767006364a0c%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222021-10-09T11%3A16%3A01%22%7D
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: 1\|HsGqLFsFr/vVSy6g0MQzNQWiuYBcZJvAvCF6IsCkVVYgwYaQOmrhQqqdY7qJ5+fKRB+v2jLGFGeoFyjBXEn+RTT+pWw62G0J5h4qb83eS0hKp2u2D6IxNbX7Tc/cWQrERdSf+hE=
.adnxs.com/	1970-01-19 23:59:14	Name: icu Value: ChgI3sJXEAoYASABKAEw8fOFiwY4AUABSAEQ8fOFiwYYAA..
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB5A Value: s56128\|YWF59
.rubiconproject.com/	1970-01-20 06:35:14	Name: khaos Value: KUJPC1DN-1M-AH3Q
.rubiconproject.com/	1970-01-20 06:35:14	Name: audit Value: 1\|hLZGFuTafB26qsuPnHyO6H9gGwySY5IoBkZriXr0d3lICQF5fjPUgwqbF9i1EU5J751PgjmsPd3gcRgjl6EitQhJSJ8nY+hF3OlDu/ORdD8=
.adnxs.com/	1970-01-19 23:59:14	Name: uuid2 Value: 361885755173608966
.securityaffairs.co/	1970-01-20 07:11:14	Name: __gads Value: ID=f9f437f666c7ffce-22b4ae64eeca0094:T=1633778162:RT=1633778162:S=ALNI_MY9UAQjQQYm-0JVXJ6tr5HmuXY-PA
.openx.net/	1970-01-19 22:11:14	Name: pd Value: v2\|1633778162\|gekin0vNiygu
.doubleclick.net/	1970-01-20 07:11:14	Name: IDE Value: AHWqTUnvNDi8pOBDnvFZXHgvXGGNB6-J9zEmeimt1bkykhqjXatjopfOLc8JFQrabb8
.quantserve.com/	1970-01-20 07:19:52	Name: mc Value: 616179f2-ebd2f-625ad-adb5c
.adform.net/	1970-01-19 22:34:16	Name: C Value: 1
.pubmatic.com/	1970-01-19 23:59:14	Name: KADUSERCOOKIE Value: 1AA3EFCE-E4AC-4781-97A6-48DDABCFC96F
.pubmatic.com/	1970-01-19 23:59:14	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-19 23:59:14	Name: DPSync3 Value: 1634947200%3A201_197_219%7C1633824000%3A174
.pubmatic.com/	1970-01-19 23:59:14	Name: SyncRTB3 Value: 1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203%7C1634947200%3A22_21_222_234_71_99_88_230_220_165_189_231_13_166_55_204_7_81_3_161_56_8_176_54
.mathtag.com/	1970-01-20 07:15:33	Name: uuid Value: 19456161-79f2-4100-bb55-9f4b376f8410
.adform.net/	1970-01-19 23:16:02	Name: uid Value: 4937380131954696192
eus.rubiconproject.com/	1970-01-19 23:59:14	Name: pux Value: 1512%3D103187%262249%3D103187%262307%3D103187%262974%3D103187%263778%3D103187%26goog%3D103187%26brx%3D103187%26idl%3D103187%26
.quantserve.com/	1970-01-19 23:59:14	Name: d Value: EMUBEQG4JPijCJiTAA
.adfarm1.adition.com/	1970-01-19 23:59:14	Name: UserID1 Value: 7017023779005855887
.taboola.com/	1970-01-20 06:35:14	Name: t_gid Value: ba4bdfc4-d0d9-4bba-b6e7-037579143302-tuct85aff73
.bidswitch.net/	1970-01-20 06:35:14	Name: tuuid Value: caa73cde-4789-4340-af13-3e28019b1b82
.bidswitch.net/	1970-01-20 06:35:14	Name: c Value: 1633778163
.bidswitch.net/	1970-01-20 06:35:14	Name: tuuid_lu Value: 1633778163
.casalemedia.com/	1970-01-20 06:35:14	Name: CMID Value: YWF586vTKbaTQr25os40xAAA
.casalemedia.com/	1970-01-19 23:59:14	Name: CMPS Value: 3240
.simpli.fi/	1970-01-20 06:36:40	Name: suid Value: 12D10C4A30C8472EA17F3188AE806124
.erne.co/	1970-01-20 06:35:14	Name: u Value: WaIEHjm6hM6lSEKGqJqvXniE
.onaudience.com/	1970-01-20 06:35:14	Name: cookie Value: da94984a679036bf
.onaudience.com/	1970-01-19 21:51:04	Name: done_redirects147 Value: 1
.analytics.yahoo.com/	1970-01-20 06:36:40	Name: IDSYNC Value: 18z8~20uz
.de17a.com/	1970-01-20 06:28:02	Name: guid2 Value: 1.7140338647569015128
.casalemedia.com/	1970-01-19 23:59:14	Name: CMPRO Value: 1183
.casalemedia.com/	1970-01-19 21:51:04	Name: CMST Value: YWF582FhefMA
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_1101 Value: 23040-7017023779005855887
.pubmatic.com/	1970-01-19 23:59:14	Name: PUBMDCID Value: 3
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_391 Value: 22924-4937380131954696192&KRTB&23263-4937380131954696192
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_377 Value: 6810-82274d85-387b-48ad-b835-767006364a0c&KRTB&22918-82274d85-387b-48ad-b835-767006364a0c&KRTB&23031-82274d85-387b-48ad-b835-767006364a0c
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_27 Value: 16735-uid:19456161-79f2-4100-bb55-9f4b376f8410&KRTB&16736-uid:19456161-79f2-4100-bb55-9f4b376f8410&KRTB&23019-uid:19456161-79f2-4100-bb55-9f4b376f8410&KRTB&23114-uid:19456161-79f2-4100-bb55-9f4b376f8410
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_57 Value: 22776-361885755173608966
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_409 Value: 22966-WaIEHjm6hM6lSEKGqJqvXniE
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_153 Value: 19420-KKL4ZSmqqGYz9qwwLPXjYiymrzAz8qo2K_DcmwV1&KRTB&22979-KKL4ZSmqqGYz9qwwLPXjYiymrzAz8qo2K_DcmwV1
.1rx.io/	1970-01-20 06:35:14	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-f6363479-2ca0-4c56-9532-fc8569775f81-003%22%7D
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_80 Value: 22987-CAESEEWbvGxHY5Gu6U_3mYHC-OM&KRTB&16514-CAESEEWbvGxHY5Gu6U_3mYHC-OM&KRTB&23025-CAESEEWbvGxHY5Gu6U_3mYHC-OM
.turn.com/	1970-01-20 02:08:50	Name: uid Value: 3249253400770129919
.casalemedia.com/	1970-01-20 06:35:14	Name: CMRUM3 Value: 2d616179f32760CAESEDoI-s2w-yfuoKWyejv3_88
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_336 Value: 5844-7140338647569015128
.adsrvr.org/	1970-01-20 06:35:14	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwj0o7johsiFOhAFGAEgASgCMgsI-sGQlp3IhToQBTgBWgd4a3N3OWxhYAI.
.sitescout.com/	1970-01-20 06:35:14	Name: ssi Value: cd29895b-fe88-4c5e-bcc5-026a88f946c6#1633778163212
.mathtag.com/	1970-01-19 22:32:50	Name: mt_mop Value: 9:1633778163
.targeting.unrulymedia.com/	1970-01-20 06:35:14	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-f6363479-2ca0-4c56-9532-fc8569775f81-003%22%7D
ads.playground.xyz/	1970-01-19 21:59:30	Name: connect.sid Value: s%3ACeNyVcjMzPSY_0UZSopAYTImUqvpxY4i.VvsbMGvkrPl0u2gzbHmtjxx7hTNiyXDr%2FcUjHXOFInY
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_594 Value: 17105-RX-f6363479-2ca0-4c56-9532-fc8569775f81-003&KRTB&17107-RX-f6363479-2ca0-4c56-9532-fc8569775f81-003
.adsby.bidtheatre.com/	1970-01-19 21:59:42	Name: __kuid Value: 38dfeb8f-709e-4b05-a52e-55c96511e93f.402992163
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_22 Value: 14911-3249253400770129919
.everesttech.net/	1970-01-20 06:35:14	Name: everest_g_v2 Value: g_surferid~YWF58wAHxJdfEQAT
.onaudience.com/	1970-01-19 21:51:04	Name: done_redirects104 Value: 1
.sitescout.com/	1970-01-19 22:32:50	Name: _ssuma Value: eyI0NSI6MTYzMzc3ODE2MzMxOX0
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_218 Value: 22978-YWF58wAHu0g07wAR&KRTB&23194-YWF58wAHu0g07wAR&KRTB&23209-YWF58wAHu0g07wAR&KRTB&23244-YWF58wAHu0g07wAR
.mfadsrvr.com/	1970-01-20 15:20:50	Name: tuuid Value: 307a5f5c-3cd9-4de8-ae76-f909dcc642bd
.mfadsrvr.com/	1970-01-20 15:20:50	Name: c Value: 1633778163
.mfadsrvr.com/	1970-01-20 15:20:50	Name: tuuid_lu Value: 1633778163
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_188 Value: 3189-cd29895b-fe88-4c5e-bcc5-026a88f946c6-616179f3-5553
.mfadsrvr.com/	1970-01-20 15:20:50	Name: ssh Value: !bidswitch,1633778163
.mfadsrvr.com/	1970-01-20 15:20:50	Name: bsw_uid Value: caa73cde-4789-4340-af13-3e28019b1b82
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_466 Value: 16530-caa73cde-4789-4340-af13-3e28019b1b82
.bidr.io/	1970-01-20 07:18:11	Name: bito Value: AADxZE7CwvQAABTBqaEewA
.bidr.io/	1970-01-20 07:18:11	Name: bitoIsSecure Value: ok
.crwdcntrl.net/	1970-01-20 04:18:25	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-20 04:18:25	Name: _cc_id Value: e41660fc5e3b215ca4490ca56b31a7ce
.crwdcntrl.net/	1970-01-20 04:18:26	Name: _cc_cc Value: "ACZ4XmNQSDUxNDMzSEs2TTVOMjI0TU40MbE0SE40NUsyNkw0T05lAILExMrPIBoKAFraCy8%3D"
.crwdcntrl.net/	1970-01-20 04:18:26	Name: _cc_aud Value: "ABR4XmNgYGBITKz8DKSgAAAaagIv"
.ads.avads.net/	1970-01-20 07:29:57	Name: av-mid Value: 4b709966-3c75-408c-947e-5167defefa68
.ads.avads.net/	1970-01-19 22:09:47	Name: av-tp-gadx Value: 1
.rfihub.com/	1970-01-20 07:11:14	Name: rud Value: H4sIAAAAAAAAAOMSNrS0MDE2M7M0NTC2MDExM7I0sxTiM9Q19vKKzAs3TXT0cquU4jU0MzY2N7cAUqZGhgCIG8W3NAAAAA
.rfihub.com/	1970-01-20 07:11:14	Name: eud Value: H4sIAAAAAAAAAOOSMXR2dA129U32N8529skwMc4yyMmLLHN0yq3MDAziNTQzNjY3twBSpkYGrxhR-IYANrStTD0AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNrS0MDE2M7M0NTC2MDExM7I0sxTiM9Q19vKKzAs3TXT0cqsEAF7puCQlAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAOOSMXR2dA129U32N8529skwMc4yyMmLLHN0yq3MDAQAMTgxEB4AAAA
.onaudience.com/	1970-01-19 21:51:04	Name: done_redirects219 Value: 1
.tribalfusion.com/	1970-01-19 23:59:14	Name: ANON_ID Value: aAnseFqO2c9U2OqnvebJl9Zdi3CrId8Qmd1AFYZbXc0J5qEHSCBuM1gfGu2YRDKmoEU5LvJbSJRZa0NnVFbqG2f
.zeotap.com/	1970-01-20 06:35:14	Name: zc Value: c5c0b978-1dd9-440e-5381-fbdb67b5647a
.zeotap.com/	1970-01-19 21:51:04	Name: zsc Value: %DAy%A3l%86%90%B9%C0%0E%E9%9A%FD%5D%A5%93%F1%DA%ED%92%B6%A7fN%BB%1B%08%04%DB%B6%DAbS%3D%04%FB%B9%7B%0E%DA%92v%2A%09QM%09%FB%F19%93%07%E7%13%A3%18%94%0A%E5%ED%91%B2h%93%A3%A1U8%C2%8B%2AFV%EA_%E4%9B%F9%8BO%0E%BD%C1%AC
.o2online.de/	1970-01-19 21:59:42	Name: webShopPV Value: ?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=25667676_4307561_303197231_146032381_-0&ref=25667676_4307561_303197231_146032381_-0
.yahoo.com/	1970-01-20 06:35:35	Name: A3 Value: d=AQABBPN5YWECEISdLbsWCZLzgNZWznn-IjMFEgEBAQHLYmFrYQAAAAAA_eMAAA&S=AQAAAi57_fREXMOsQVKHoolF0wQ
.zemanta.com/	1970-01-20 06:35:14	Name: zuid Value: cKFYRrl5iNyiBwEV8fWx
.redintelligence.net/	1970-01-19 23:59:14	Name: 8lcfmzhxc8d6_uid Value: 1473ae595da85326
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: c5c51210bb7f0156
.smartadserver.com/	1970-01-20 07:18:26	Name: pid Value: 182685407676859629
.smartadserver.com/	1970-01-20 07:18:26	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-20 07:18:26	Name: csync Value: 127:AADxZE7CwvQAABTBqaEewA
.pubmatic.com/	1970-01-19 22:32:50	Name: KRTBCOOKIE_699 Value: 22727-AADxZE7CwvQAABTBqaEewA
.pubmatic.com/	1970-01-19 22:32:50	Name: PugT Value: 1633778164
.office-partner.de/	1970-01-20 21:49:38	Name: source Value: {"webgains_webgains":{"timestamp":1633778164262,"clickCookie":false}}
.pubmatic.com/	1970-01-19 22:32:50	Name: SPugT Value: 1633778164
.medialead.de/	1970-01-20 06:35:14	Name: trscj Value: MTYzMzc3ODE2NXxMM1J5WTJzdlpYQjJMMlU1T1dGaFkyVTVOR1UyWlRVNE56TTRNekJoTjJSbU9HUmxaR0UwWVdFMlAzTjFZbWxrUFRVNE1ESXdNREF3TURVeE9UZzNNREF3T1RVeE5ESTFNREV4TnpReU1ERTBKblE5YUhSc2NBPT18YUhSMGNITTZMeTl6WldOMWNtbDBlV0ZtWm1GcGNuTXVZMjh2
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: fgyzkpev321h2aquhdqunefw
pb.media01.eu/	1970-01-20 15:20:50	Name: DTU Value: 78C91970356CE73F476A9903B5479E79

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html(Line 511) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html(Line 512) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html(Line 513) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html(Line 514) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
network	error	URL: https://aa.agkn.com/adscores/r.js?sid=9112309848 Message: Failed to load resource: the server responded with a status of 400 ()
javascript	error	URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWF586vTKbaTQr25os40xAAABJ8AAAAB&google_cver=1&google_push=AYg5qPKCpjknaIQCi169xPYfKwjIJUszPvuo8ERESsfBZF6QVDSwQnotzb9U5oeFYHc0DNJgqANg0IiXW9vQBF-V8NVktkoQ3A&google_gid=CAESEGU3tEPg1WBw1WFgeD1wcYA Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
a.rfihub.com
a.tribalfusion.com
aa.agkn.com
acdn.adnxs.com
ad-server.eu
ad.turn.com
ad4m.at
ads.avads.net
ads.playground.xyz
ads.pubmatic.com
ads.us.e-planning.net
ads.yahoo.com
adservice.google.com
adservice.google.de
adv.office-partner.de
analytics.webgains.io
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
api.webgains.io
b1sync.zemanta.com
bh.contextweb.com
btlr.sharethrough.com
buttons-config.sharethis.com
c1.adform.net
c2shb.ssp.yahoo.com
cdn.adnxs.com
cdn.pixfuture.com
cm.adgrx.com
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
csync.loopme.me
d5p.de17a.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fra1-ib.adnxs.com
google-analytics.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
graph.facebook.com
green.erne.co
gum.criteo.com
hal9000.redintelligence.net
hal900014.redintelligence.net
hblg.media.net
hbopenbid.pubmatic.com
i0.wp.com
i1.wp.com
i2.wp.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
l.sharethis.com
lg3.media.net
match.adsby.bidtheatre.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.taboola.com
maxcdn.bootstrapcdn.com
mwzeom.zeotap.com
navvy.media.net
pagead2.googlesyndication.com
partner.googleadservices.com
pb.media01.eu
pixel-sync.sitescout.com
pixel.mathtag.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
portal.o2online.de
pr-bh.ybp.yahoo.com
prebid.media.net
prebidserver.pixfuture.com
pubmatic-match.dotomi.com
pv.medialead.de
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb.mfadsrvr.com
s.tribalfusion.com
s0.2mdn.net
secure.adnxs.com
secure.gravatar.com
securityaffairs.co
served-by.pixfuture.com
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssc-cms.33across.com
ssc.33across.com
stats.wp.com
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.mathtag.com
sync.targeting.unrulymedia.com
tags.mathtag.com
token.rubiconproject.com
tpc.googlesyndication.com
track.webgains.com
trc.taboola.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
ws.sharethis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
api.rlcdn.com
cm.g.doubleclick.net
fonts.googleapis.com
104.18.11.207
104.18.12.5
104.22.25.87
104.26.10.209
116.202.48.214
13.224.193.25
13.224.193.69
13.224.193.81
13.225.87.68
13.248.242.197
142.250.184.194
142.250.184.196
142.250.184.226
142.250.185.174
142.250.185.194
142.250.185.198
142.250.185.68
142.250.185.70
142.250.185.98
142.250.186.130
142.250.186.35
142.250.186.66
142.250.186.98
142.250.74.194
142.250.74.200
145.239.193.130
151.101.129.44
151.101.193.108
151.101.66.49
157.240.236.1
157.240.236.15
157.245.94.128
159.253.128.188
159.65.197.210
162.55.6.213
172.217.16.129
172.217.18.106
172.67.70.113
176.9.26.250
178.162.133.150
178.250.0.163
178.250.2.146
18.156.195.47
18.169.90.17
18.194.128.57
18.194.231.4
185.172.148.128
185.29.134.248
185.29.134.249
185.64.189.110
185.64.189.112
185.64.189.115
185.64.190.80
185.64.190.81
185.86.137.131
192.0.73.2
192.0.76.3
192.0.77.2
193.0.160.128
2.18.232.130
2.18.233.180
2.18.233.201
2.18.234.21
2.18.235.93
208.100.17.178
212.82.100.176
213.155.156.169
213.19.147.44
217.160.0.146
23.37.42.132
3.124.181.115
3.126.56.137
34.102.149.62
34.107.148.139
34.149.20.76
34.98.107.212
34.98.64.218
35.157.16.220
35.205.207.25
35.244.174.68
37.157.2.238
37.252.172.37
37.252.172.38
37.252.172.45
38.91.45.7
46.228.164.11
46.236.13.147
5.178.65.246
51.210.112.63
51.89.7.110
52.215.101.139
52.215.67.233
52.48.137.92
54.194.104.251
54.76.176.197
63.215.202.140
63.251.14.14
63.251.232.170
64.202.112.63
66.155.71.25
68.183.31.14
69.173.144.143
69.173.151.90
74.214.196.140
82.113.101.132
85.114.159.93
87.248.118.23
87.98.128.108
88.198.250.30
91.228.74.226
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
0188dad421209cf114490d5707942b740bfb080f80412435ce9eb1e5b798dbfb
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
0aab1878c7638611910cf289234895d55dae2d89977cc4ae0e5d96c5534f0fcf
0b4cc12ccd09adacbf7695b7ae68d146a6b9bfa7a2058dbd4e58f31c14ec5e7e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bf3f6e79af33723b0c1a822f59a484a35583303ab76fa9227b694b1e719364f
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0d5ec876ef1ea640143663087ce31ac9ef725fe2dad968e1b4602331af0a73b1
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0ef5d0e6b6304d16341eeb8b1e418cb9541aa10b3415ec7e1593753baf6b6591
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
1179651121207094233fc04893419bdbc6b92c1bd01939772d5cb4fe9ac74ca4
11d1a2e9664a8e39637c4c6b5576d5b75f1721b8195c1a5378b00979110ab3cd
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
133a7caae9bf65879965c923cdc7de628263d65c7312d61d078f13c4de676fce
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
13d0e1dd4f7c5edd26e3ff420ef4ea62954a33c88db4371829d91ceb76958ac4
14627da2b98b4778be3e9b5a8f88024df648c23be8565001726af6ad0d97991a
1523ddaa632d195a1240668fb5c6870519e3cdfeabd5a346141bcbb03222e2e7
163a8b5849ab57c8d73527839fa9a10457c47fa14df4be89742e1f729d42c20b
175437ab2d5703d39c01d0f479b19f9b1569bfb2cf43dca8cbf30ff962f0f48b
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1c745d92d28ca29bd6f7d8ddeb320fcbbf975e57f640fe39d75df6cad4e6359f
1c858c2ec4b3b24e4d97d07c098b88ae49da19112bc79e97206b747e070b20fd
1cc4f4c92b087dcaf73fae7b25faeb55c5b3399e5ccf1d8ac5dbc01231fdb61a
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
2195c22fcc88cf1182fcc92704ee62f6558c79387b007cb61e7ac8914522302f
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
2709b0fbb2769245b0c10e8ecc73146c20a2dc63fb1ec2c3e752cc133770ea8d
273282a153ded9e3bf56932b20e17408048ddd0d3edf359ebc52e1312a927c4e
2a951a0ee150ef0e409195fe3630ba0b62c86c9f25ee272ac59c8a74191a7b7a
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77
2db485570fc77a7d1553e2422a810f100bfcd0edec9eff9e950ccd60871c8c4f
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
313c42445d902991c696177cf17f4720b65166723b35b898f665f0a1e18c3c9f
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
35b68a4a6b135e744e7eb4808a90da92cefff01e96c9e78b83b1268fd578e40a
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38f06dd6ba47f72f294d49d7f183816c544812d9ea2eaabeac47fb9248f4740a
3920733615a2937b99295783734d99a7a3d1a8b824a19f8e09a2b9ec85c820dd
3a38ec59e7ce9bd3f11ef46d0723a20e5c047a967e205b26e766216269fc9f81
3a9d21d68e1b2c04efe067a4c3cef02c886e221937994810d4f5cb5525545e99
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3da60cad690052dfd9be535b7a5db8d6a791090acd1d7bf7a966c7bc1ac373e2
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
4197f3d1b5e63b9a4de73e357e0631c0fb1777d4a81e4c96cc6f2d52e20866b3
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
457a26545c0daff606eef16c32b04da69d389a7d94eec68d86dd10a1e2d91560
45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
475aced7cfbc2ecfeb311a3a89e8565678b7704c5228b2b716dade8e649244ab
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a7fc41d3a93b893035ad7c9fde8beefd1ba77a7cd79de000d1555e86e2272dc
4ad6ae36b0eea3069ef5e85dcf59966781624c70222a3f8475c969b2d116f153
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46
4d9bfe5ae41b72e251f8cc8ce961cb76cf67142be8bc650fdec8fd371cb08112
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5120f35e394e169ac0839405dbd6e680163a4e02f060f5a6a833ebfacf35d966
51896cb4e932803b983cf59d85b20c705f42a891fa0c9c408e3cb267b5bb949c
536386f4e5a08dcde004ad0d24c4ea816a2054ba53f5da25ebb12fa4493f693f
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
5c8bd0c2f891239145b9a187e6490a89c8af9f6b5224cea83884f6c5662d1b48
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
5d0074cbdb9785fbf7a269393a3466e1f2764ebf191469851f1dcee6b4eb0885
6139b4d0af528ec1d0e26ae865c1ca04ac061d844ffa6ccc9e4adaa3af93a2f7
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab
6a230091f2c37d71c0612029ca0f64a9667ff62afe3c49ac32a35104e1ad93cb
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b71d2bd27010cbb01e505314423d9c903230bf4182019eb1ca8016bd2b624a0
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c567f5f0ea4a8f2b5ef941a4b6b4d4d616e8198a96b6fab88df74a5bc3b5dce
6d3b26e1f0c1d869c7b565806bf3bbd28e2c8d526c6ef51ba6cc63dd398429e3
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1
6f36b69df2c08c4d47f210ca0d258120c359821f7ba751bd8461eef481e902ba
6f83d6d161d5d98ac0a6305e882cbf211c330178f30bac4095f967b5475c0e92
72dfb9789b78ac9ad84abfc6c4ed9cc91cc18b1b9cd1a66bd0b230f7f2a56a62
731ede6ad20c2ba4fdca4a75fffa85e43d67174fd67167356bfbd969b478e52e
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce
76a1b6b69922308748952b7b30611ba69613888f1e036d4a85bca0159e52e6ec
7739eefcdee8afcb00fbe9a35cc795fff0cff7092b10d56c4190484d42892433
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7aad7acc2e32d25e741477b07414433730fc445d02bd3760bc78a8dbb0cb2d43
7afaa70cd390947aa9a7cbc9381a4cae87445da63d1af057998f60f606863e91
7cea7dbd2bc506bba6519b6faa5ea9bc523c7b023cf1da951185571512c6f517
7cf838864bfdfad2eeaa59beb7584834664de53ce9ef35bd36a259cf74d4eedb
7db640a19af372b98387a4dd7e775f82e7d8a628600a5f51cc657f45195b8f69
7e71af7270901cc03b17ab3ad5382e669f1a65ca19a13f3224e5f474ebeb0bc7
7f56dd811a561fa2a2e54a3e5481d218365ae000cf7efce0de2761d749840fc7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
843f77ef599ca3177f3b2750a31e08e3d2e3eddfcc535756cfde8f6016724d90
87ea580232055d9097bbac3e089f2aa1204dd91298463de05ca2882986f360e7
88c00fe3c54c2f411ba5adb5f3916514e1589403f8a0b6f2300bc563d8c175a6
890104920faf086fe9218e738c8e6778754b99e541be90e355288d0564e93ccc
8ba3dea1787caa48ddce2eb19b7db92e6cddb0dd4c547763775d3fbcb98c22e2
8bf3d20138e6b613ef5e35e46ea06dba1d59d1bd5f96bf48990af39c46d0d842
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8e6479cd4913a87170eb62978960f57a2966a67fe1ce10ece3cbf9ee4097aa70
8f6e645d8cfd2330848cac2ca5c0ce84d2a4940b7c00ef559076bc71148063c3
8fa99b2f80aa1e7ca2287fbc2881371e5fa59e00b62893c8a91a9f159aa8e54d
932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
9436a862c370b6f85a3d716eabb2f3dd4d5b146d107ee68c7dc20ac10d8898b4
95726387adff132b92b204994b55ae2bf3697e85c11b1118b7b1f5cd49f127e3
95f8f6a9b70c7e1ab7bfc32df523a49ef9fa2a5f84ede9371195f64a5e32ba2b
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9a77ca5e8c19cfb4cb2d17938084ceea2917151c4aee3cfbd4950d026fe08d67
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
9e4ccd704e2071c0e1ba212934540af4ec8c36975d1127349b760bde99c8c7bb
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a2f3c118bd591281d5d16ba63d77ab8c6ab5fb10cf4d24a8f8f6522df6174318
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4e85e908fe8110b176a4a10ba645d9ae99bd07a4759ac26005eb08c380de403
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a67342b4b62fa902745ca8919de8545ea4f0e7276941902ea33c1845de9bd6fd
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
afa7a0fd1240256862b4a27153fba691db8f15cb53b8c517cd4ed03985f24f36
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b0534210815c3c9ee7e1df828e0916d2997bf39db55466c2cb7353e423db4499
b079d821f5ef57e7af92940191b9bd35b4c019a0c26c9ad865cf07ff8e456f54
b09dc328cea60d0eaf04754ae9acf4f233289d3389c8e0b3861f866775dbb14f
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fe2e60726a8ac60f323eb91604d2075d4d73f419ac542a35d52960d3a07523
b3dca6992b4f8770bc3dba5f82f6325a82d2adabf685da88d950f6fe87b16716
b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851
b57ec732286261601e9f930718c80d6375bc246cbb9e7d5590123f0c03767c63
b61de45de6cbc24151e862978598ae46b163d8ad939073f0fe1eb14912d5eba8
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b7550b81db2af20587eec40614b9fa25b3aa00cb368e173d4d6e2daddc4e944d
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b7b1bdf29b8aed3a55ec59523e0209aea62bac649e20289d902c774004d00f1c
b7c2309c6e08de495b618ca1d7325a767ce1f1921447efad9eb29fb42824d611
b84ddaf19d3b0119177885ed3dc6b4437d400dd0255aa9d76288070beb3a9041
b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
b9829a3a6d56d1ea1ded4c5d3afb5417560d59e69e8e292ea70864c1b35002d2
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
bb21755bd14ce34bcb9ef440e59e48aed5d442ff889787e8061be82b1122ac90
bc29c34d0738c5cb3f96585219667566799d9e142699e982f9406d5b04fa9794
bd4fbf8e342a1cdf1ecbbe9414c39b60fce43216e8e906c0722f59b6377e1276
c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cdebd1e02f876608de43594c404dd01c6c3be9f08e0e09da23503ceb4bddb35c
cf25c80a4a645fec21d7172574f492a6569e833c853298d3de9887f08829a47c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf55a0918df240c8622a21e40a5ee1c34f59bf622d72c2abfe7f5b6d3d9b0cc7
d4508c1b731b876250e8eeca005948d415eb2453d92213d89aef775c153b3f3a
d450cb09bfdfb2712a08158c7afd6863c616dadfb632023199c75b75782c23d6
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e
d4d32d96f0ebebf00626b1fb3684edb8223280ea20e850a8acf95c6bae8a41f2
d5516f9486f45cfc8dbb22499478302f84c1098928700297f31d7bdc1397c6e6
d72374132784a29267811313b03e07a7482761d0f654fe22befa169a467ab40d
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
dc80f51f58c62e1c322629569a1b55c702c3b4f0529ddecb1d1d9f30256e6586
e116609c20b9b93216ad0a073d9aa20251d1cf5983ef60a92cd00a11f6d647f7
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e2f4d7cb2be08948d819d7b061cd08bc38dc8ba003715d1ff88d31e29143b7ba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
e8bd28b00231d308d2bb5f188cad157efb996fe34767aa67c4691e414b889bdf
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
e96cb07afdac92a8c77fbd5b9bb721e548070f4657f4f1e71329d2fd9032be47
ec1454f2bb4a6beaaee0540de119dcbef69e91042c60228f69d7f928cb264865
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
f095f42b00697425df415c2906f4868b77accfdf281be1811058b2d8e9c87536
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f1d5c3c3460d4656b5a8d6c42a1f4351a508274e35b0ba2f2876790ffe43b514
f21fba159ea10f7f44c7eee2dfa58ddcb8383529dd0def5dc14bc5495b64dad7
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f6aab3dccaf9faefc9fa1f665de243f21a27ba55bbe74eeabeab8dccd6d3b707
f7a761c71e69933698cdf0bbe387fbeebeb3de97c36e692f1f924cdeadce993b
f8ca822d90df0cbfce05340cc7ee92fd65e4d1bc2cce345524d493b6f8a5d8dd
f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

securityaffairs.co Open in urlscan Pro 217.160.0.146 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

387 Requests

98 %HTTPS

0 %IPv6

77 Domains

124 Subdomains

88 IPs

11 Countries

3987 kBTransfer

7114 kBSize

114 Cookies

15 Outgoing links

Page URL History

Redirected requests

387 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

securityaffairs.co Open in urlscan Pro
217.160.0.146 Public Scan

Screenshot
Live screenshot

Full Image

387
Requests

98 %
HTTPS

0 %
IPv6

77
Domains

124
Subdomains

88
IPs

11
Countries

3987 kB
Transfer

7114 kB
Size

114
Cookies

387 HTTP transactions
9 data transactions